APT37

APT37 Description

APT37 (Advanced Persistent Threat) is a hacking group that is likely to operate from North Korea. Experts speculate that APT37 may be financed by the North Korean government directly. This hacking group is also known as ScarCruft. Until 2017 APT37 concentrated almost all their efforts on targets located in South Korea. However, in 2017, the hacking group began expanding their reach and started launching campaigns in other East Asian states such as Japan and Vietnam. The APT37 has also had targets located in the Middle East. The hacking group is also known to collaborate with other ill-minded actors.

APT37 is meant to further North Korean interests, and thus their targets tend to be high-profile. The hacking group tends to target industries linked to automobile manufacturing, chemical production, aerospace, etc.

Propagation Methods

Cybersecurity experts have been observing APT37’s campaigns and have outlined several propagation methods, which are often implemented:

  • Spreading malware via torrent websites.
  • Launching spear-phishing email campaigns.
  • Using various social engineering techniques to trick users into downloading and executing corrupted files.
  • Infiltrating services and websites to hijack them and use them to spread malware.

APT37’s Arsenal of Tools

APT37 is a hacking group with a wide variety of tools at their disposal. Among the more popular hacking tools used by APT37 are:

  • NavRAT, a RAT or Remote Access Trojan, which packs a long list of features.
  • CORALDECK, a threat used for collecting files from the compromised host.
  • Karae, a backdoor Trojan that gathers data about the host system and enables the attackers to determine how to proceed with the attack.
  • DOGCALL, a backdoor Trojan, which resembles a RAT due to its capabilities.
  • ROKRAT, a RAT that can record audio, hijack login credentials, execute remote commands, etc.
  • ScarCruft Bluetooth Harvester, an Android-based threat that is used to collect information from the compromised device.
  • GELCAPSULE, a Trojan that is used for planting additional malware on the infected system.
  • MILKDRO, a backdoor, which tampers with the Windows Registry to gain persistence and operates very silently.
  • SHUTTERSPEED, a backdoor Trojan, which can take screenshots, siphon information regarding the software and hardware of the host, and deploy additional malware on the system.
  • RICECURRY, a piece of code written in JavaScript, which is injected into hijacked websites and is used for checking the fingerprint of the users visiting the page to determine if the attackers should execute the malware or not.
  • SLOWDRIFT, a Trojan downloader.
  • RUHAPPY, a disk wiper that exploits the MBR (Master Boot Record) of the user’s hard drive.
  • ZUMKONG, an infostealer that is compatible with the Google Chrome and Internet Explorer Web browsers.
  • SOUNDWAVE, a tool, which is capable of recording audio (via the microphone present on the system) and then sending the recording to the C&C (Command & Control) server of the attackers.

The APT37 hacking group is not one to be underestimated certainly, despite them not being the top cyber crook organization in North Korea. They continue to expand their hacking tool arsenal and launch campaigns against high-profile targets around the world so that we will likely continue hearing about their dealings.

Do You Suspect Your PC May Be Infected with APT37 & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like APT37 as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.