The North Korean government does not shy away from using hacking groups to do its bidding on the international stage. It has worked for years with the notorious Lazarus group, which has carried out numerous attacks aimed at furthering North Korean political interests. More recently, a second group has been tied to the same sponsor: ScarCruft, also tracked as APT37 (Advanced Persistent Threat 37). ScarCruft has attacked targets in the Middle East, but most of its victims are located in South Korea. The group does not go after everyday users; its efforts are concentrated on individuals in prestigious positions and on large organizations.
ScarCruft usually delivers its tools through email campaigns. The messages are crafted to look as believable and legitimate as possible and carry an attached document, typically laced with a malicious macro. The body of the email tries to persuade the recipient to open the seemingly harmless attachment and enable its content; that action is what gives the payload hidden in the attachment the green light to run.
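The lure described above is a document whose macro runs only after the user opens it, so a mail gateway or analyst script can triage attachments for embedded VBA before anyone clicks. The following is an added example written for this page; it is not ScarCruft tooling nor code from the original article. It assumes two attachment formats: OOXML (.docm/.xlsm/.pptm, a zip that contains a vbaProject.bin part) and legacy OLE2 binaries (.doc/.xls), for which it uses a heuristic scan of the directory for the UTF-16LE storage names "Macros", "VBA" and "_VBA_PROJECT". Every message and document in it is constructed in memory, not a real sample.

```python
"""
Triage e-mail attachments for macro-bearing Office documents.

Added example, not code from the article or from ScarCruft.  Assumptions:
attachments are OOXML (zip with a vbaProject.bin part) or legacy OLE2 files
whose directory lists a macro storage; the samples below are constructed.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# OLE2 compound-file signature (first 8 bytes of .doc/.xls files).
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# Directory entry names inside an OLE2 file are stored as UTF-16LE.
OLE_MACRO_NAMES = [n.encode("utf-16-le") for n in ("Macros", "VBA", "_VBA_PROJECT")]


def has_ooxml_macros(data: bytes) -> bool:
    """OOXML: any part named vbaProject.bin (under word/, xl/ or ppt/) means VBA is present."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def has_ole_macros(data: bytes) -> bool:
    """Legacy OLE2: heuristic, flags files whose directory names a macro storage."""
    if not data.startswith(OLE_MAGIC):
        return False
    return any(name in data for name in OLE_MACRO_NAMES)


def macro_attachments(raw_email: bytes) -> list:
    """Return the filenames of attachments in the message that carry VBA macros."""
    msg = email.message_from_bytes(raw_email, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_ooxml_macros(payload) or has_ole_macros(payload):
            flagged.append(part.get_filename())
    return flagged


# --- constructed inputs for demonstration (not real samples) -----------------

def build_ooxml(with_macros: bool) -> bytes:
    """Build a minimal OOXML container; with_macros adds a stub vbaProject.bin part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Real vbaProject.bin parts are OLE2 files; a stub is enough for the name check.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def build_legacy_doc_with_macros() -> bytes:
    """Constructed OLE2-like blob: valid signature followed by a 'Macros' directory name."""
    return OLE_MAGIC + b"\x00" * 16 + "Macros".encode("utf-16-le")


def build_email(filename: str, data: bytes) -> bytes:
    """Wrap a document in a plausible-looking lure message (hypothetical addresses)."""
    msg = EmailMessage()
    msg["From"] = "secretariat@example.com"
    msg["To"] = "target@example.com"
    msg["Subject"] = "Meeting agenda for review"
    msg.set_content("Please review the attached agenda before tomorrow's session.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, doc in (("agenda.docm", build_ooxml(True)),
                      ("agenda.docx", build_ooxml(False)),
                      ("agenda.doc", build_legacy_doc_with_macros())):
        print(name, "->", macro_attachments(build_email(name, doc)))
```

The OOXML check is exact: Office only writes a vbaProject.bin part when a VBA project exists, regardless of the file extension the sender chose. The OLE2 check is a byte-level heuristic that is good enough for triage; production tooling should parse the compound-file directory properly rather than searching the raw bytes.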
Able to Collect Data and Plant Additional Malware
SLOWDRIFT itself is best classified as a Trojan downloader. Once it lands on a host it begins profiling the system: the data it collects is general information about the hardware and software of the infected machine, which it then transmits to its operators. That profile lets ScarCruft decide how to continue the attack, and in particular which of its other tools is the most suitable second-stage payload. In this way SLOWDRIFT serves as a gateway through which the attackers plant a more severe threat on the compromised system. So far, researchers have observed ScarCruft using SLOWDRIFT to deliver the ZUMKONG infostealer to targeted computers.
APT37 is a rising star in the dark world of cyber crooks. If the group keeps improving its tools and techniques, it may soon be considered on the level of its fellow North Korean operators in the same sector, the infamous Lazarus group.