Signal
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
Published 2026-05-05 09:00 UTC · Updated 2026-05-06 00:38 UTC
cve, exploits, malware, threat_actors, security_tooling, incident_response
Overview
Since late 2024, the North Korea-aligned hacking group ScarCruft (also known as APT37 or Reaper) has conducted a supply chain attack on sqgame.net, a gaming platform popular among ethnic Koreans in China, including refugees and defectors.
Entities
ESET, Sqgame, ScarCruft, APT37, Reaper, BirdCall
Score total: 1.53
Momentum 24h: 5
Posts: 5
Origins: 5
Source types: 1
Duplicate ratio: 0%
Why now
- The campaign has been active since late 2024 but was publicly reported in early May 2026.
- The attack includes both Windows and Android platforms, expanding the threat surface.
- Increased geopolitical tensions make espionage targeting ethnic Koreans in China especially sensitive.
Why it matters
- Targets a vulnerable ethnic community including refugees and defectors, raising human rights and privacy concerns.
- Demonstrates evolving North Korean espionage tactics using supply chain attacks on trusted software.
- Highlights risks in gaming platforms as vectors for malware and espionage.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
- ScarCruft trojanized a gaming platform to spy on ethnic Koreans in China using BirdCall malware.
How sources frame it
- Help Net Security: neutral
All evidence
North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
The Record (Recorded Future News) · therecord.media · 2026-05-06 00:38 UTC
North Korean APT Targets Yanbian Gamers via Trojanized Platform
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-05 15:00 UTC
North Koreans Spy on Defectors Via Android Game Apps
BankInfoSecurity · bankinfosecurity.com · 2026-05-05 09:38 UTC
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The Hacker News · thehackernews.com · 2026-05-05 09:07 UTC
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
Help Net Security · helpnetsecurity.com · 2026-05-05 09:00 UTC
Top publishers (this list)
- The Record (Recorded Future News) (1)
- Infosecurity Magazine (1)
- BankInfoSecurity (1)
- The Hacker News (1)
- Help Net Security (1)
Top origin domains (this list)
- therecord.media (1)
- infosecurity-magazine.com (1)
- bankinfosecurity.com (1)
- thehackernews.com (1)
- helpnetsecurity.com (1)