Windows Targeted with Rust Backdoor and Python Loader
released on 2025-09-08 @ 02:41:38 PM
APT37, a North Korean threat actor, has been observed using new tools and tradecraft in recent campaigns. The group deployed a Rust-based backdoor named Rustonotto alongside its existing PowerShell-based Chinotto malware and the FadeStealer surveillance tool. Initial access relies on Windows shortcut (.lnk) files and Compiled HTML Help (.chm) files delivered by spear phishing; once on the host, the chain uses Transactional NTFS (TxF) for process injection, so the payload is written into a file transaction that is never committed and therefore leaves no file on disk. A single command-and-control server orchestrates every component of the arsenal.

FadeStealer logs keystrokes, captures screenshots and audio, tracks connected devices, and stages the collected data in password-protected RAR archives before exfiltrating it.
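The shortcut-file lure described above is easiest to triage by reading what the .lnk would execute rather than opening it. The following is an added example, not code from the report or from any APT37 tooling: a minimal Python parser for the MS-SHLLINK binary format that pulls the target, working directory, arguments and ShowCommand out of a shortcut, then applies a few heuristics an analyst would check (LOLBins such as hh.exe, the Windows HTML Help viewer that opens .chm files; whitespace padding that hides the real arguments in the Properties dialog; a minimized window). The sample shortcut it builds is constructed for the demo and is not a real artifact.

```python
"""Triage parser for Windows shortcut (.lnk) files.

Added example, not from the original report. It implements the parts of the
MS-SHLLINK format needed to see what a phishing-delivered shortcut would run.
The sample built at the bottom is constructed for the demo.
"""
import struct

LNK_HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData sections appear in this fixed order, each only if its flag is set.
STRING_SECTIONS = [
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
]

SW_SHOWMINNOACTIVE = 7
LOLBINS = ("cmd.exe", "powershell", "pwsh", "hh.exe", "mshta", "wscript",
           "cscript", "rundll32", "regsvr32", "certutil")


def parse_lnk(data: bytes) -> dict:
    """Return header flags, ShowCommand and the StringData fields of a shortcut."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link header")
    (show_command,) = struct.unpack_from("<I", data, 0x3C)
    offset = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip IDList: 2-byte size + items
        (id_list_size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + id_list_size
    if flags & HAS_LINK_INFO:                    # skip LinkInfo: size field includes itself
        (link_info_size,) = struct.unpack_from("<I", data, offset)
        offset += link_info_size
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    result = {"flags": flags, "show_command": show_command}
    for bit, key in STRING_SECTIONS:
        if not flags & bit:
            continue
        (count,) = struct.unpack_from("<H", data, offset)  # CountCharacters, no terminator
        offset += 2
        raw = data[offset:offset + count * width]
        if len(raw) != count * width:
            raise ValueError(f"truncated {key} string")
        offset += count * width
        result[key] = raw.decode(codec)
    return result


def triage(info: dict) -> list[str]:
    """Heuristics on the parsed fields; returns human-readable findings."""
    findings = []
    args = info.get("arguments", "")
    target = info.get("relative_path", "")
    for binary in LOLBINS:
        if binary in target.lower() or binary in args.lower():
            findings.append(f"launches {binary}")
    if ".chm" in args.lower():
        findings.append("references a compiled HTML help file")
    if len(args) - len(args.lstrip()) > 8:
        findings.append("leading whitespace padding in arguments")
    if len(args) > 260:
        findings.append("arguments exceed MAX_PATH (hidden from the Properties dialog)")
    if info.get("show_command") == SW_SHOWMINNOACTIVE:
        findings.append("window opens minimized")
    return findings


def build_sample_lnk() -> bytes:
    """Construct a minimal shortcut for the demo (not a real sample)."""
    def s(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, SW_SHOWMINNOACTIVE, 0, 0, 0, 0)
    args = " " * 40 + "/c start /min hh.exe %TEMP%\\report.chm"
    return header + s("..\\..\\Windows\\System32\\cmd.exe") + s("%TEMP%") + s(args)


if __name__ == "__main__":
    info = parse_lnk(build_sample_lnk())
    for key, value in info.items():
        print(f"{key}: {value!r}")
    for finding in triage(info):
        print("!!", finding)
```

Run it against a real shortcut with `parse_lnk(open(path, "rb").read())`; the parser deliberately refuses anything without the shell-link header and CLSID so it cannot be tricked into reading an unrelated file as a shortcut.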