Identifying the Bluetooth devices connected to a computer running Windows is the goal of a new hacking tool, which has been used by a Korean group that has operated since at least 2016 against political, economic and diplomatic targets. The malware, discovered by Kaspersky Lab’s experts, is capable of detecting devices connected via the technology and of collecting data such as their class, their addresses, whether authentication is required, and whether they are known devices or not.
In the experts' view, this is evidence that the ScarCruft hackers are renewing their focus, which has always been on computers and mobile devices. Through the Bluetooth connection, they could try to reach devices connected not only to PCs but also to cell phones, gaining even more access to the victims of their targeted attacks, which have been recorded for two years in countries in Asia and Europe.
Combined with other tools already used by the intruders, it would also be possible to intercept connections and gain access to privileged information, which can be very useful to the governments for which the group works. ScarCruft uses e-mail as the main vector of its attacks, posing as services used by the targets or even as the target organization itself, in scams that involve social engineering and a high level of sophistication, consistent with the sensitivity of the information the group tries to extract.
Among the group’s already recorded targets are a diplomatic agency in Hong Kong and another in North Korea, as well as investment firms from Russia and Vietnam. Politicians, activists and journalists traveling to some of these countries have also reported being targeted by malware sent by the group. The group is said to be linked to different governments, often those of the countries where it carries out its attacks, without showing alignment with or direct roots in the digital security departments of any of them.
The alert issued by Kaspersky applies to people who may be of interest to the hackers and are visiting such regions, where the networks are more restricted and, therefore, monitored not only by official agents. The ideal, experts say, is to stay vigilant and cautious when accessing the internet, especially in public places, and to keep a close eye on the sites visited and the communications received by email, especially if they contain download links or links to services.