CyberNews: 01/09/2025 Edition
Today’s roundup
- ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
- Ransomware Attack on Pennsylvania’s AG Office Disrupts Court Cases
- Amazon Stops Russian APT29 Watering Hole Attack Exploiting Microsoft Auth
- Salesloft Attacks Target Google Workspace
- WhatsApp Patches Zero-Day, Zero-Click Flaw
Summary
North Korea-linked ScarCruft (APT37) deployed RokRAT malware in Operation HanKook Phantom, using phishing emails with malicious LNK files disguised as academic newsletters to target South Korean researchers and ex-officials and exfiltrating data via cloud services. Pennsylvania’s Attorney General, having refused ransom demands, confirmed that a ransomware attack disrupted court operations. Amazon thwarted a watering hole attack in which Russian APT29 exploited Microsoft authentication, a campaign aimed at broadening intelligence collection. Adversaries compromised Google Workspace accounts by exploiting Salesloft Drift’s Salesforce integration. WhatsApp addressed a critical zero-day, zero-click vulnerability tied to sophisticated attacks, though details remain undisclosed.