ScarCruft

  • First known sample

    2016
  • Discovery

    2016
  • Current status

    Active
  • Type

    APT
  • Targeted platforms

    Windows
  • Top targeted countries

    China, India, Kuwait, Nepal, Romania, Russia, South Korea
  • Propagation method

    Exploits
  • Special features

    ScarCruft created an unusual type of malware: a Bluetooth device harvester. The malware uses Windows Bluetooth APIs to collect information on connected Bluetooth devices. The information is then fetched by a downloader.

  • Targets

    Diplomatic organizations/embassies, high-profile targets with links to the Korean peninsula
  • Artefacts/Attribution

    Korean-speaking

  • Description

    This APT group was first spotted by Kaspersky researchers in 2016 and primarily uses zero-day exploits to launch sophisticated attacks. It mainly targets organizations and companies with links to the Korean peninsula to gather intelligence for political and diplomatic purposes. Victims have been observed in Russia, Nepal, South Korea, China, India, Kuwait and Romania, and the group's backdoors are typically delivered via spearphishing and strategic web compromises.
