The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. "The threat actor used two Facebook
source https://thehackernews.com/2026/04/north-koreas-apt37-uses-facebook-social.html
source https://thehackernews.com/2026/04/north-koreas-apt37-uses-facebook-social.html
