APT37 Leverages Social Engineering on Facebook to Deploy RokRAT Malware

North Korea's APT37 utilizes Facebook for social engineering to distribute RokRAT malware, highlighting new tactics in cyber threats.

The North Korean hacking group APT37, also known as ScarCruft, has been linked to a sophisticated social engineering campaign that uses Facebook as a primary vector for malware distribution. By adding potential targets as friends on the platform, the group built a facade of trust before delivering the RokRAT remote access trojan. This multi-stage approach underscores how cyber adversaries are adapting their tactics to exploit social media dynamics for malicious purposes.

For businesses, this development signals a need for enhanced vigilance regarding social media interactions. Employees must be educated on the dangers of accepting friend requests from unknown entities and the potential risks associated with sharing personal information online. Companies should consider implementing stricter social media policies and investing in training programs to mitigate the risks posed by social engineering attacks. As cyber threats continue to evolve, understanding the intersection of social media and cybersecurity is critical for safeguarding sensitive data and maintaining operational integrity.

---

*Originally reported by [The Hacker News](https://thehackernews.com/2026/04/north-koreas-apt37-uses-facebook-social.html)*