Government-backed North Korean hackers are posting convincing U.S. military job recruitment documents to lure Korean-speaking victims into downloading malware staged from legitimate but compromised South Korean websites, according to security researchers.
Due to the targets and type of attack, the cybersecurity firm Securonix dubbed this campaign STARK#MULE. They believe that APT37, a North Korean hacking group or other similar organizations, is likely behind the campaign, which is linked to the Ministry of State Security and focuses on attacking South Korean targets.