ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

Summary

North Korea-aligned ScarCruft has launched a supply chain attack by compromising a video game platform. The compromise allowed the group to deploy the BirdCall backdoor onto both Android and Windows systems, with a likely focus on ethnic Koreans in China.

IFF Assessment

FOE

This is bad news for defenders: it indicates a sophisticated supply chain attack by a state-sponsored threat actor that uses malware to target specific ethnic groups.

Defender Context

Defenders should be vigilant about the risks associated with supply chain attacks, particularly those targeting gaming platforms or software with a wide user base. Monitoring for the deployment of the BirdCall malware and similar backdoors on both Windows and Android systems is crucial.
