South Korean Postal Service

The North Korean state-sponsored APT group ScarCruft launched a sophisticated malware campaign targeting South Korean users through a deceptive postal-code update notice. The attack involved a multi-stage infection process, including the deployment of ransomware (VCD Ransomware) alongside traditional espionage tools. The campaign utilized advanced techniques such as Rust-based backdoors and legitimate real-time messaging services for command-and-control, marking a significant evolution in ScarCruft's operational capabilities. The attack compromised user data and introduced ransomware, posing a severe threat to both financial and operational security.

Source: https://cybersecuritynews.com/scarcruft-hacker-group-launched-a-new-malware-attack/

TPRM report: https://www.rankiteo.com/company/komsco

{
  "id": "kom917080725",
  "linkid": "komsco",
  "type": "Ransomware",
  "date": "8/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'location': 'South Korea',
                        'type': 'Individuals, Organizations'}],
 'attack_vector': 'Malicious LNK file embedded in a RAR archive, disguised as '
                  'a postal service notification',
 'description': 'The North Korean state-sponsored Advanced Persistent Threat '
                '(APT) group ScarCruft has launched a sophisticated new '
                'malware campaign targeting South Korean users through a '
                'deceptive postal-code update notice. This campaign includes '
                'ransomware and advanced espionage tools, showcasing '
                "significant evolution in the group's operational "
                'capabilities.',
 'initial_access_broker': {'backdoors_established': 'NubSpy, CHILLYCHINO',
                           'entry_point': 'Malicious LNK file in a RAR '
                                          'archive'},
 'motivation': 'Espionage, Financial Gain',
 'ransomware': {'data_encryption': 'Files encrypted with .VCD extension',
                'ransomware_strain': 'VCD Ransomware'},
 'references': [{'source': 'Medium'}],
 'threat_actor': 'ScarCruft (APT group), ChinopuNK (subgroup)',
 'title': 'ScarCruft Malware Campaign Targeting South Korean Users',
 'type': 'Malware Campaign, Ransomware, Espionage'}