Intel Name: Analysis of APT37 attack case disguised as a think tank for national security strategy in South Korea (Operation. ToyBox
Date of Scan: November 13, 2025
Impact: High
Summary: APT37, a North Korea–linked threat group, conducted a social engineering campaign masquerading as an academic forum invitation from a South Korean national security think tank. The lure referenced a real event titled “Trump 2.0 Era: Prospects and South Korea’s Response” to gain credibility. Attackers delivered malicious LNK files via Dropbox, which also served as the command-and-control (C2) channel, continuing APT37’s past pattern of leveraging pCloud and Yandex for C2 operations. The campaign highlights the need for EDR-based anomaly detection to identify and mitigate fileless attack techniques.