The APT37 threat group is targeting individuals for information gathering using a new, evasive malware strain called “M2RAT” together with steganography. APT37, also known as “RedEyes” or “ScarCruft,” is a North Korean hacking collective said to be funded by the government.
In 2022, the group was observed using Internet Explorer zero-day vulnerabilities to distribute a wide range of malware against selected companies and people. In a new report published today, researchers at AhnLab Security Emergency Response Center (ASEC) describe how APT37 is now deploying a new malware strain named “M2RAT,” which uses a shared memory region for commands and data exfiltration and leaves very few operational traces on the compromised computer.