North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal



The North Korea-linked APT group ScarCruft (aka APT37, Reaper, and Group123) continues to expand its arsenal by adding a Bluetooth Harvester.


ScarCruft has been active since at least 2012. It made headlines in early February 2018, when researchers revealed that the APT group had leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users.


Kaspersky first documented the operations of the group in 2016. Cyber attacks conducted by the APT37 group mainly targeted government, defense, military, and media organizations in South Korea.


FireEye linked the APT37 group to the North Korean government based on the following clues:


the use of a North Korean IP;
malware compilation timestamps consistent with a developer operating in the North Korea timezone (UTC +8:30) and following what is believed to be a typical North Korean workday;
objectives that align with Pyongyang’s interests (i.e. organizations and individuals involved in Korean Peninsula reunification efforts).

Researchers from FireEye revealed that the nation-state actor also targeted entities in Japan, Vietnam, and even the Middle East in 2017. The hackers targeted organizations in the chemicals, manufacturing, electronics, aerospace, healthcare, and automotive sectors.


Past attacks associated with the ScarCruft APT group involved zero-day vulnerabilities, but Kaspersky researchers pointed out that the threat actor also used public exploits in its campaigns.


In April 2018, ScarCruft APT added a mor ..