Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Malware and Vulnerabilities
September 01, 2025
thehackernews
ScarCruft, a North Korea-linked threat actor, has launched a spear-phishing campaign named Operation HanKook Phantom. The attackers aim to steal sensitive information, establish persistence, and conduct long-term espionage using the RokRAT malware.
Read More
ScarCruft
APT37
ROKRAT
Operation HanKook Phantom
spear phishing
Publisher
Previous
Ransomware Attack on Pennsylvania’s AG Office Disrupts ...
Breaches and Incidents
Next
WhatsApp Patches Zero-Day, Zero-Click Flaw
Malware and Vulnerabilities
/https://cyware-ent.s3.amazonaws.com/public_image/infosecurity-magazine2367b81e-16d9-4afa-acf9-9f4433cf107c.jpg)
/https://cyware-ent.s3.amazonaws.com/public_image/infosecurity-magazine9eb917a1-e451-42a6-9c79-173a4c545e66.jpg)
