ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information. In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT. The group used a multi-stage process to update each of its malware modules effectively while also evading detection. The researchers said that spear-phishing and the use of various public exploits remain Scarcruft s go-to initial attack vectors.
Source: https://threatpost.com/scarcruft-apt-bluetooth-harvester/144643/