ScarCruft (also known as Group 123 and Reaper) is an APT (Advanced Persistent Threat) group that usually engages in espionage operations and is believed to originate from North Korea. This conclusion was derived from the fact that the identified victims, one of which is Russian, seem to have ties to North Korea and, likely, to North Korean affairs. Most of ScarCruft's operations are carried out in South East Asia, but the group does not limit its activity to this region. ScarCruft has a specific taste for high-end targets and has thus been gradually upgrading its hacking arsenal and expanding its reach, with new attacks detected in Hong Kong and Russia. Recently, the group made the news for developing and launching a piece of malware that targets Bluetooth devices with the end goal of collecting data.
When malware experts started researching ScarCruft's operations up close, they found that over the course of 2018 this Korean-speaking APT had managed not only to upgrade its whole arsenal of hacking tools but also to update the tools already planted on its victims' systems, without being detected by anybody.
ScarCruft APT seems to have decided to expand its horizons and has started targeting mobile devices too. This is how the ScarCruft Bluetooth Harvester came to fruition. This malware can exploit the integrated Windows Bluetooth APIs to achieve its purpose. ScarCruft Bluetooth Harvester is programmed to collect and siphon information about the devices it has been planted on, such as the address, device type, and name, what it is connected to, its authentication state, and its trusted status.
It is clear that more and more ambitious and highly capable hacking groups are emerging, and government institutions, as well as large corporations, cannot afford to let down their guard. The latest and most innovative cybersecurity techniques need to be followed strictly in order to minimize the risk of infiltration and potentially huge damages.