Apt37 is a apt_group tracked across 16 threat clusters and 31 intelligence report mentions on ThreatCluster. First observed November 10, 2025; most recent activity June 15, 2026.
A sophisticated backdoor malware named Firestarter has been discovered on Cisco Firepower devices, attributed to the state-sponsored threat actor UAT-4356. The malware exploits two vulnerabilities, CVE-2025-20333 and…
ESET researchers reported a supply-chain attack by the North Korean APT group ScarCruft, targeting a gaming platform in the Yanbian region of China. The attack, ongoing since late 2024, involved trojanizing both Windows…
A new malware named NarwhalRAT has been discovered targeting Korean users through phishing emails impersonating the Microsoft security team. The malware, linked to the North Korean hacking group APT37, can perform over…
APT37, a North Korean state-sponsored threat group, has initiated a new targeted intrusion campaign aimed at defense-related entities. The attack utilizes social media platforms like Facebook and encrypted messaging…
North Korea-linked hackers from the Konni group executed a spear-phishing campaign utilizing the KakaoTalk messaging platform to distribute malware and steal sensitive information. The campaign involved sending emails…
Recent cybersecurity reports detail the exploitation of software vulnerabilities in client applications, particularly targeting web browsers and Microsoft Office. Adversaries utilize techniques such as Drive-by…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
North Korean threat group APT37 has initiated a campaign named Ruby Jumper, utilizing new custom malware to target air-gapped systems, which are typically isolated from the internet. This marks a significant advancement…
Recent reports detail the tactics employed by various cyber adversaries to enumerate files and directories on compromised systems. Adversaries utilize command shell utilities and custom tools to gather sensitive…
A North Korea-linked hacking group has executed a new cyberattack capable of remotely controlling Android smartphones and PCs, leading to data deletion and malware distribution. The attack, attributed to groups Kimsuky…