Edward Kiledjian's Threat Intel

North Korean cyber-espionage group ScarCruft adds ransomware in recent attack (therecord.media/scarcruft…)

The North Korean state-backed hacker group tracked as ScarCruft recently took the unusual step of infecting targets with ransomware alongside other malicious files, researchers said.

ScarCruft, primarily known for cyber-espionage campaigns against high-profile individuals and government entities, used “newly observed” ransomware as part of the operation, analysts at South Korean cybersecurity firm S2W said in a report on Thursday.

The researchers labeled the ransomware VCD after the extension it appends to the names of encrypted files. It drops two versions of its ransom note, one in English and the other in Korean, the researchers said.

ScarCruft’s use of ransomware “suggests a potential shift toward financially motivated operations, or an expansion of operational goals that now include disruptive or extortion-driven tactics,” S2W said.