APT37 Uses Facebook to Deploy Malware in New Campaign


North Korea-linked APT37 uses Facebook and social engineering to deliver malware targeting victims through fake job offers and chats.

A North Korea-linked hacking group known as APT37 has been observed using Facebook as part of a new social engineering campaign to deliver malware to targeted victims.

Security researchers say the group is leveraging fake profiles and conversations to build trust with targets, often posing as recruiters or professionals offering job opportunities. Once contact is established, victims are tricked into downloading malicious files disguised as legitimate documents.

The attack typically begins with direct messages sent via Facebook, where attackers engage in extended conversations to increase credibility. Victims are then directed to download files that contain hidden malware payloads.

According to the report, the campaign is consistent with APT37’s history of cyber espionage, which has often targeted individuals and organizations of strategic interest, including those in government, defense, and technology sectors.

The malware used in the attacks is designed to steal sensitive information, monitor activity, and maintain persistent access to infected systems. In some cases, attackers use multiple stages of infection to avoid detection and improve success rates.

Researchers warn that social media platforms are increasingly being used as initial access vectors, as attackers exploit trust and human interaction rather than relying solely on technical vulnerabilities.

The activity highlights the evolving tactics of state-linked threat actors, who continue to refine social engineering techniques to bypass traditional security defenses.

Users are advised to be cautious when receiving unsolicited messages, especially those involving job offers or file downloads, and to verify the identity of contacts before engaging or opening attachments.


Reports are sourced from official documents, law-enforcement updates, and credible investigations.
