Hacking campaigns have all sorts of end goals: collecting money, causing intentional destruction, or simply wreaking havoc for a laugh. Some hackers, though, use their skills to collect information, which can then be used in harmful operations. This is the case with the SOUNDWAVE malware. This threat belongs to the arsenal of the ScarCruft hacking group. This group of highly skilled individuals hails from North Korea and is also known as APT37 (Advanced Persistent Threat). Cybersecurity experts at large believe that the ScarCruft hacking group is working for the North Korean government and is used as an attack vector against perceived enemies of the regime. This explains why most of the victims of APT37's threatening campaigns are South Korean. This hacking group is known to attack individuals in high-ranking positions and government or military-related organizations.
The malware in question operates on the down-low and is not meant to be destructive to the host. Instead, it serves as a tool in espionage-related operations. The SOUNDWAVE malware is capable of infiltrating a targeted system, hijacking the victim's microphone, and using it to record audio. The malware also connects to its operators' C&C (Command & Control) server, which is how it receives commands from the ScarCruft hacking group. The recorded audio is stored in a '.log' file, which is then transferred to the C&C server of the ScarCruft hacking group. The SOUNDWAVE malware is capable of recording up to 100 minutes of audio. Unlike other hacking tools from the APT37 group's arsenal, this malware does not have any additional capabilities and only serves as a reconnaissance tool.
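A defender's check for the storage behaviour described above, as an added example that is not part of the original article: it flags '.log' files whose content is not text. The audio signatures, the control-byte threshold and the sample files are assumptions constructed for illustration, since the article does not name the recording format.

```python
import os
import tempfile

# Assumption: signatures are illustrative; the page does not name the audio format.
AUDIO_MAGIC = {b"RIFF": "RIFF/WAVE", b"OggS": "Ogg", b"fLaC": "FLAC", b"ID3": "MP3/ID3"}
UTF16_BOMS = (b"\xff\xfe", b"\xfe\xff")  # legitimate UTF-16 text logs start with a BOM
CONTROL = frozenset(range(0x20)) - {0x09, 0x0A, 0x0D} | {0x7F}


def classify_log(path, sample_size=4096, max_control_ratio=0.05):
    """Return a reason if a .log file does not look like text, else None."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    for magic, name in AUDIO_MAGIC.items():
        if head.startswith(magic):
            return "audio signature: " + name
    if not head or head.startswith(UTF16_BOMS):
        return None
    ratio = sum(b in CONTROL for b in head) / len(head)
    return "binary content" if ratio > max_control_ratio else None


def hunt(root):
    """Walk root and return {path: reason} for suspicious .log files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".log")):
            path = os.path.join(dirpath, name)
            try:
                reason = classify_log(path)
            except OSError:
                continue  # locked or unreadable file; skip it
            if reason:
                hits[path] = reason
    return hits


def build_sample_dir():
    """Constructed sample files (not real malware output) for a dry run."""
    root = tempfile.mkdtemp()
    samples = {
        "app.log": "2024-01-01 12:00:00 \uc11c\ube44\uc2a4 \uc2dc\uc791\n".encode("utf-8") * 50,
        "rec.log": b"RIFF\x24\x00\x00\x00WAVEfmt " + b"\x00" * 64,
        "blob.log": bytes(range(256)) * 16,
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root
```

A hit is only a triage lead: some legitimate applications write binary data to '.log' files, so each flagged path still needs to be tied to the process that created it.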
The ScarCruft hacking group is expanding its arsenal of tools rapidly and will likely continue wreaking havoc and making headlines in the future.