Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
APT37 Exploits Social Media in New Cyber Attack

APT37 Exploits Social Media in New Cyber Attack

Posted on April 13, 2026 By CWS

A sophisticated cyber attack orchestrated by APT37, a North Korean state-sponsored hacking group, has been uncovered. This campaign leverages social media platforms and encrypted messaging applications, alongside a subtly altered software installer, to breach targets’ defenses. The operation’s seamless imitation of normal online interactions complicates detection efforts, posing significant risks to unsuspecting individuals.

Infiltration via Social Media Platforms

The attack commenced with the creation of two Facebook profiles, ‘richardmichael0828’ and ‘johnsonsophia0414’, purportedly based in Pyongyang and Pyongsong, North Korea. These accounts, established on November 10, 2025, initiated contact through friend requests to carefully chosen individuals. Subsequent conversations through Messenger built rapport, eventually pivoting to discussions focused on military technology.

As trust was secured, communications transitioned to Telegram, allowing the attackers to deliver harmful content under the guise of legitimate exchanges. This phase of the attack relied heavily on pretexting—a social engineering technique that constructs a plausible scenario to manipulate targets into specific actions.

Delivery of Malicious Software

Genians Security Center analysts identified the core of this scheme: a manipulated installation file masquerading as a necessary tool to view encrypted military data. The malicious payload was embedded in a Wondershare PDFelement installer, presented within an encrypted ZIP archive labeled ‘m.zip’, alongside decoy documents to enhance its credibility.

The altered installer, lacking a valid digital signature, closely mimicked the genuine software, employing a filename that suggested enhanced security features. Upon execution, the installer triggered hidden shellcode, establishing a connection with the attackers’ network infrastructure to execute further commands discreetly.

Advanced Techniques and Countermeasures

The attack’s sophistication was evident in its fileless nature; the malware executed without leaving traditional traces on the victim’s system. By employing techniques like PE patching and code cave injection, malicious code was seamlessly integrated into the installer, evading conventional antivirus detection.

Data exfiltration was cleverly masked by utilizing Zoho WorkDrive cloud storage, with the outbound traffic appearing as typical cloud activity. Security experts emphasize the importance of verifying digital signatures on software installers and exercising caution when downloading software from unverified sources.

Organizations, particularly those handling defense or government data, are advised to implement robust endpoint detection solutions. Monitoring for unusual process activities and unexpected cloud service connections, alongside dedicated training programs on social engineering threats, can mitigate risks posed by such sophisticated intrusions.

For continued updates on cybersecurity threats, follow us on Google News, LinkedIn, and X. Set CSN as a preferred source in Google to stay informed.

Cyber Security News Tags:APT37, Cybersecurity, digital signatures, encrypted messaging, Facebook, fileless attack, Genians Security Center, Malware, North Korea, security awareness, social engineering, software installer, Telegram, Threat Actors

Post navigation

Previous Post: CPUID Website Breach Distributes Malicious Software
Next Post: AI Advances Transform Cybersecurity Post-Alert Response

Related Posts

China-Linked Hackers Target Linux Devices with Malware China-Linked Hackers Target Linux Devices with Malware Cyber Security News
AI Accelerates Zero-Day Exploits, Increasing Cyber Risks AI Accelerates Zero-Day Exploits, Increasing Cyber Risks Cyber Security News
2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now 2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now Cyber Security News
Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records Cyber Security News
New EncryptHub Campaign Leverages Brave Support Platform to Deliver Malicious Payloads via MMC Vulnerability New EncryptHub Campaign Leverages Brave Support Platform to Deliver Malicious Payloads via MMC Vulnerability Cyber Security News
AI Tools Facilitate Advanced Phishing Attacks AI Tools Facilitate Advanced Phishing Attacks Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Telegram’s t.me Domain Suspension Disrupts Global Links
  • AI ‘Intelligent Worm’ Threatens Cybersecurity Evolution
  • CISA Alerts on Vulnerabilities in Joomla Extensions
  • AI Systems Under Siege by Internet Scans: MCP Servers at Risk
  • AI-Powered Scripts Exploit Active Directory Vulnerabilities

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Telegram’s t.me Domain Suspension Disrupts Global Links
  • AI ‘Intelligent Worm’ Threatens Cybersecurity Evolution
  • CISA Alerts on Vulnerabilities in Joomla Extensions
  • AI Systems Under Siege by Internet Scans: MCP Servers at Risk
  • AI-Powered Scripts Exploit Active Directory Vulnerabilities

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark