Large LNK files leveraged for RokRAT malware deployment
SC Magazine feed for Strategy www.scmagazine.com
Microsoft's implementation of default macro blocking across Office documents has prompted North Korean state-sponsored threat operation Scarcruft, also known as APT37, Nickel Foxcroft, RedEyes, InkySquid, Ricochet Chollima, and Reaper, to leverage oversized LNK files to facilitate RokRAT malware delivery since last July, according to The Hacker News.