Korean APT Adds Rare Bluetooth Device-Harvester Tool

Korean APT Adds Rare Bluetooth Device-Harvester Tool
ScarCruft has evolved into a skilled and resourceful threat group, new research shows.

ScarCruft, an advanced persistent threat group known for attacking organizations with links to the Korean peninsula, has become more dangerous.


An analysis of recent data associated with the group shows that it has acquired new tools and is testing new exploits in preparation for future campaigns, Kaspersky Lab said Monday.


Telemetry associated with ScarCruft shows that the threat actor has also developed an interest in attacking mobile devices and has increasingly begun adapting legitimate tools and services in its espionage campaigns.


One of the new tools that ScarCruft has developed is a rare Bluetooth device-harvester designed to collect the names and addresses of Bluetooth devices, device type, whether it is connected, and whether it requires authentication. The malware leverages the Windows Bluetooth API to fingerprint Bluetooth devices, Kaspersky Lab ..