RUHAPPY

A newly emerging hacking group from North Korea has been making the headlines recently. This group is known as APT37 (Advanced Persistent Threat) or ScarCruft. The APT37 group appears to be employed by the North Korean government and used as their cyber-attack-dogs alongside the infamous Lazarus hacking group. The majority of the the ScarCruft hacking group targets are prone to be located in South Korea, but there have been some notable campaigns against targets in the Middle East too. The APT37 group has a preference for stealth, and they design their tools to operate silently and remain under the radar of their victims for as long as possible. This way, the ScarCruft group can collect more information about its targets.

Can Render a System Inoperable

Despite the fact that most of the hacking tools in the APT37 arsenal are tailored towards stealth, they also have more destructive threats like the RUHAPPY wiper. Researchers have determined that the RUHAPPY wiper has been used in campaigns in unison with another one of the ScarCruft group hacking tools – the DOGCALL malware. The latter threat is used for collecting information about the infected system and then delivering and planting an additional harmful payload. When the RUHAPPY wiper is planted as a second-stage payload onto the compromised host, it has a rather destructive task at hand. The purpose of the RUHAPPY threat is to overwrite the MBR (Master Boot Record) of the hard disk. It is likely that if the RUHAPPY wiper is successful in its task, the users systems may be damaged permanently. If the victims attempt to restart their computers, the RUHAPPY wiper will present them with a ‘Are you Happy?’ message on their screen.

Luckily, since 2017, we have not heard of any new activity linked to the RUHAPPY wiper so that there may be a chance that the ScarCruft group may have retired this hacking tool. However, the APT37 group is doing the bidding of the North Korean government clearly, seeing that there have been reports of infection with the RUHAPPY wiper from various military and government bodies located in South Korea.