North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

According to a report dated June 1, 2023, cybersecurity researchers have analyzed the RokRAT Trojan used by ScarCruft, a North Korean cyberespionage group. 

RokRAT enables unauthorized access, exfiltration of sensitive data and persistent control of compromised systems. ScarCruft focuses on targets in South Korea, using social engineering and vulnerabilities in Hancom Hangul Word Processor to deploy RokRAT. 

RokRAT enables metadata collection, screen capture, remote command execution and file exfiltration. Recently, spear-phishing attacks have been observed using LNK files to deploy RokRAT. 

ASEC reported a ScarCruft attack using a Windows executable masked as a Hangul document to drop malware with an external URL link. 

Read more about it: here