Beware of '*.lnk' Files... North Korean Hacking Group Distributes Malware

North Korean Hacking Group ‘APT37’ Distributes Malware
Disguised as Shortcut for Infiltration... Special Caution Required

North Korean hacking groups are distributing malicious code using Windows shortcut files, prompting the need for caution.


According to domestic security company AhnLab on the 23rd, the North Korean hacking group ‘APT37’ has recently been distributing the malicious code RokRAT through Windows shortcut files with the extension ‘*.lnk’.


RokRAT collects user information and can download additional malicious code, so an infection may lead to secondary damage. RokRAT has previously been distributed through Hangul and Word documents.



The lnk filenames confirmed so far include ‘230407jeongboji.lnk’, ‘2023nyeondo 4wol 29il seminar.lnk’, ‘2023nyeondo gaeinpyeongga silsi.hwp.lnk’, ‘buk oegyo gwan seonbalpadang mit haeo gonggwan.lnk’, and ‘bukhan oegyo jeongchaek gyeoljeong gwajeong.lnk’.


The lnk files identified this time contain commands for PowerShell, a scripting language installed natively on Windows. They operate by creating script files alongside legitimate files in the temporary folder path and then executing those scripts to perform malicious actions.
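For defenders who need to triage shortcuts like the ones described above, the following added example (not from AhnLab or this article) reads the string fields of a .lnk file according to the public MS-SHLLINK layout and flags PowerShell or temp-path references and a document-style double extension such as ‘.hwp.lnk’. The keyword list, the extension list, the function names and the sample link are assumptions constructed for illustration.

```python
import struct

# Field layout follows the public MS-SHLLINK specification.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]
KEYWORDS = ("powershell", "%temp%", "\\appdata\\local\\temp")  # assumed watch list
DOC_EXTS = (".hwp", ".doc", ".docx", ".pdf", ".xlsx")          # assumed decoy extensions

def parse_lnk_strings(data):
    """Return the StringData fields (name, arguments, ...) of a shell link."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    try:
        flags = struct.unpack_from("<I", data, 20)[0]
        pos = 76                                  # fixed-size ShellLinkHeader
        if flags & HAS_IDLIST:                    # IDListSize excludes its own 2 bytes
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:                  # LinkInfoSize includes its own 4 bytes
            pos += struct.unpack_from("<I", data, pos)[0]
        # Non-Unicode strings use the system code page; cp1252 is an assumption here.
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        fields = {}
        for bit, field in STRING_FLAGS:
            if flags & bit:                       # CountCharacters, then the string
                end = pos + 2 + struct.unpack_from("<H", data, pos)[0] * width
                fields[field] = data[pos + 2:end].decode(codec, "replace")
                pos = end
        return fields
    except struct.error:
        raise ValueError("truncated shell link")

def triage(filename, data):
    """List the reasons a shortcut deserves a closer look (empty list = none found)."""
    fields = parse_lnk_strings(data)
    text = " ".join(fields.values()).lower()
    reasons = [f"keyword:{k}" for k in KEYWORDS if k in text]
    name = filename.lower()
    stem = name[:-4] if name.endswith(".lnk") else name
    return reasons + [f"double-extension:{e}" for e in DOC_EXTS if stem.endswith(e)]

def build_sample(arguments):
    """Constructed minimal link: header plus a Unicode COMMAND_LINE_ARGUMENTS string."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x20 | IS_UNICODE) + bytes(52)
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")

SAMPLE = build_sample('/c powershell -Command "<constructed placeholder>"')
if __name__ == "__main__":
    print(triage("2023nyeondo gaeinpyeongga silsi.hwp.lnk", SAMPLE))
```

An empty result only means none of these simple indicators matched; it does not show that a shortcut is safe.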


AhnLab urged, “RokRAT malware has been steadily distributed since the past and is spread not only through Word documents but also through various file formats, so users need to exercise special caution.”


Meanwhile, APT37, identified as the distributor, is a group that has attacked domestic North Korea-related organizations and defense sector personnel using the latest security vulnerabilities. It is known by various names such as ‘Geumseong121’, ‘ScarCruft’, ‘RedEyes’, and ‘Group123’.


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
