The newly rising star on the North Korean cybercrime stage is the ScarCruft hacking group. It also is known under the APT37 (Advanced Persistent Threat) alias. The ScarCruft hacking group is likely to be funded by the government of North Korea directly. This is why it is almost certain that the APT37 group is one of the attack dogs of Kim Jong-Un. This is why it makes sense that most of the targets of the ScarCruft hacking group are either government-linked institutions or high-ranking officials, usually located in South Korea. One of the tools in the arsenal of the ScarCruft hacking group is the SHUTTERSPEED backdoor Trojan. This threat is meant to be used as a first-stage payload, which serves to deploy additional threats on the compromised machine. The SHUTTERSPEED Trojan also can collect system information (software and hardware) about the host. This helps the attackers determine how to continue the attack in the most efficient manner.
Exploits a Known Vulnerability
In 2017 the SHUTTERSPEED backdoor Trojan was employed in a rather large campaign. The infection vector used was ‘.RTF’ files. A macro-script was planted within the files in question. These macro-scripts were designed to exploit certain vulnerabilities such as CVE-2017-0199. Exploiting this vulnerability allows the operators of the SHUTTERSPEED Trojan to run commands via a uniquely created ‘.RTF’ file. This enables the attackers to collect data regarding the hardware of the host and the software present on the system. The collected data would then be transferred to the C&C (Command & Control) server of the attackers. The SHUTTERSPEED backdoor Trojan also can be used to plant more hacking tools on the compromised machine, which can cause further damage.
The APT37 may not be as popular as the other North Korean hacking group known as Lazarus, but they are developing very fast certainly, and there is no doubt we will continue to read about their campaigns in the future.
Do You Suspect Your PC May Be Infected with SHUTTERSPEED & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like SHUTTERSPEED as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.