North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
Summary
The North Korean APT group APT37 has been observed conducting a social engineering campaign over Facebook. The threat actors befriend targets on the platform to build trust, then use that relationship to deliver the RokRAT malware.
IFF Assessment
FOE
This campaign highlights a sophisticated social engineering tactic by a known threat actor to deliver malware, posing a direct threat to targeted individuals and organizations.
Defender Context
Defenders should be aware of advanced social engineering tactics employed by state-sponsored groups, particularly those that use social media platforms such as Facebook for initial access. Training users to be skeptical of unsolicited friend requests and suspicious links, even from seemingly trusted sources, is crucial.