
North Korea-aligned APT group ScarCruft compromises gaming platform in supply‑chain espionage attack, ESET Research finds

ESET Research has discovered a sophisticated supply-chain attack orchestrated by ScarCruft, a North Korea-aligned advanced persistent threat (APT) group, targeting a gaming platform popular in China's Yanbian region. The attack, believed to be ongoing since late 2024, involved compromising both Windows and Android components of a video game platform that hosts Yanbian-themed games, with the threat actors trojanizing legitimate software to distribute their malware to unsuspecting users. The campaign centers on a backdoor that ESET researchers have dubbed "BirdCall," which was previously known to target only Windows systems but has now been adapted for Android devices as part of this multiplatform assault.

The geographic targeting is particularly significant: the Yanbian region is home to ethnic Koreans and functions as a critical crossing point for North Korean refugees and defectors, suggesting the attack may be part of broader espionage operations aimed at monitoring or tracking individuals of interest to the North Korean regime. This supply-chain compromise represents a concerning evolution in ScarCruft's tactics, demonstrating the group's ability to infiltrate legitimate software distribution channels and expand its malware capabilities across multiple operating systems. The attack underscores the growing sophistication of nation-state actors in leveraging gaming platforms and entertainment software as vectors for espionage operations.

Why It Matters

This discovery highlights the increasing use of supply-chain attacks by nation-state actors and the expansion of North Korean APT capabilities to target cross-platform environments. The geographic specificity of targeting the Yanbian region suggests state-sponsored surveillance operations against ethnic Korean populations and potential refugees, while the multiplatform approach demonstrates sophisticated technical evolution in APT tradecraft that other threat actors may adopt.

Note

This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.