DOGCALL

The ScarCruft hacking group is a newly emerging, high-profile threat actor from North Korea. The group is also known as APT37 (Advanced Persistent Threat). Cybersecurity researchers believe that ScarCruft is likely funded directly by the North Korean government and is used as a weapon against foreign governments and officials. Most of APT37’s targets appear to be South Korean individuals in positions of importance or power. The ScarCruft hacking group has a long list of hacking tools, among which is the DOGCALL backdoor Trojan. The first campaign in which the DOGCALL Trojan was utilized took place in August 2016.

Targeted Military and Government Institutions in South Korea

In 2017, APT37 launched an operation targeting government bodies and military institutions located in South Korea. One of the tools used in this infamous campaign was the DOGCALL backdoor Trojan. The attackers propagated it through spam emails that carried a fake Microsoft Office document as an attachment. The DOGCALL Trojan’s payload is executed as soon as a segment of obfuscated shellcode decrypts it.

Capabilities

The ScarCruft hacking group is known for preferring stealth over brute force. The DOGCALL Trojan does not stray from this approach: it is meant to infiltrate the host and operate quietly, giving the attackers silent access to the system over a prolonged period. The DOGCALL backdoor Trojan is capable of:

  • Executing a keylogging module.
  • Taking screenshots of open tabs and the desktop of the victim.
  • Executing remote commands.

The DOGCALL Trojan is capable of detecting whether it is being run in a malware debugging environment, which makes the job of malware researchers more difficult but not impossible. APT37 is known to have used another of its hacking tools, the RUHAPPY wiper, in combination with the DOGCALL Trojan.

For a while, the only hacking group known to hail from North Korea was Lazarus. However, the ScarCruft APT has been making the headlines recently, and the fact that the North Korean government funds them is enough to make one realize that this malicious actor will be around for a while.
