Redeyes

Threat Actor updated 14 days ago (2024-10-04T04:00:54.572Z)
RedEyes, also known as APT37, StarCruft, Reaper, InkSquid, BadRAT, ScarCruft, and Ricochet Chollima, is a threat actor group known for its malicious activities. The group recently deployed a new malware called FadeStealer to pilfer data from compromised systems and send it to a command-and-control (C2) server. Although not considered sophisticated, the malware is designed to steal various types of information that can serve as stepping stones for future attacks. RedEyes has been spreading malicious emails about Cambodian affairs, written in Cambodia's primary language, Khmer, to lure targets. The group primarily targets specific individuals such as North Korean defectors, human rights activists, and university professors. In a recent campaign, it initiated attacks through spear-phishing emails containing a Compiled HTML Help file (CHM) disguised as a password-protected document. Another strategy employed by the group is the use of CloudMensis malware, which persistently checks whether System Integrity Protection (SIP) is disabled in order to load its own malicious database. ASEC is actively monitoring the activities of the RedEyes group and taking steps to mitigate further damage. Despite the efforts of cybersecurity experts such as Liang, who identified Lazarus Group malware attempting to dump the access table from the TCC database, the threat posed by RedEyes remains significant. The state-sponsored group continues to leverage novel malware distribution techniques to target vulnerable individuals and organizations.
Description last updated: 2024-10-04T03:15:45.719Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Alias | Description | Votes

Reaper (3 votes): Reaper is a possible alias for Redeyes. Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a malicious tool that has been used in cyber exploitation since the 1970s. This group is also tied to the NOKKI malware family, which originated from research surroun

ScarCruft (2 votes): ScarCruft is a possible alias for Redeyes. ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int

APT37 (2 votes): APT37 is a possible alias for Redeyes. APT37, also known as InkSquid, RedEyes, BadRAT, Reaper, ScarCruft, and Ricochet Chollima, is a threat actor suspected to be backed by North Korea. It primarily targets South Korea, but its activities have extended to Japan, Vietnam, the Middle East, and recently Cambodia, across various industry ver
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
State Sponso...
Infostealer
Source Document References
Information about the Redeyes threat actor was read from the documents corpus below. This display is limited to 20 results.