ScarCruft created an unusual type of malware: a Bluetooth device harvester. The malware uses Windows Bluetooth APIs to steal information on connected Bluetooth devices. The information is then fetched by a downloader.
This APT group was first spotted by Kaspersky researchers in 2016 and primarily uses zero-day exploits to launch sophisticated attacks. It mainly targets organizations and companies with links to the Korean peninsula to gather intelligence for political and diplomatic purposes. Victims have been observed in Russia, Nepal, South Korea, China, India, Kuwait and Romania, and the group's backdoors are typically delivered via spearphishing and strategic web compromises.