LABScon Replay | InkySquid: The Missing Arsenal
Malware Analysis, News and Indicators - Latest topics malware.news
InkySquid (aka Group123, APT37) is an infamous threat actor linked to North Korea that has been active for at least 10 years. This actor is known to use social engineering to breach targets and to exploit n-day vulnerabilities in Hangul Word Processor (HWP), as well as in browser-based technologies.
One of the most documented intrusion sets used by this actor is RoKRAT, a Windows RAT using cloud providers as C2 servers. In this presentation, Paul Rascagneres discusses a macOS …