Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT.

The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures, former government officials, and researchers.

"The attackers likely aim to steal sensitive information, establish persistence, or conduct espionage," security researcher Dixit Panchal said in a report published last week.

The starting point of the attack chain is a spear-phishing email containing a lure for "National Intelligence Research Society Newsletter—Issue 52," a periodic newsletter

See Full Page