The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT.
« The attack email contained a message impersonating an MS account security alert, » the Genians Security Center (GSC) said. « It was designed to create concern over possible