ScarCruft APT Develops Malware to Target Bluetooth
May 13, 2019 / Kacy Zurkus
Researchers have been monitoring the Korean-speaking threat actor known as ScarCruft and have reportedly discovered that new tools are being developed. According to Kaspersky Lab, ScarCruft is testing tools using code that can identify connected Bluetooth devices in order to steal information from targeted victims. In addition, researchers reported that they observed similarities between the victims of ScarCruft’s most recent threat campaigns and those victims of the notorious Korean-speaking DarkHotel group. “The ScarCruft group uses common malware delivery techniques such as spear phishing and Strategic Web Compromises (SWC). As in Operation Daybreak, this actor performs sophisticated attacks using a zero-day exploit. However, sometimes using public exploit code is quicker and more effective for malware authors. We witnessed this actor extensively testing a known public exploit during its preparation for the next campaign,” researchers wrote.