Threat Intelligence Report

APT37’s Pretexting-Based Targeted Intrusion: Analysis of Facebook Reconnaissance and Software Tampering Attacks

📅 April 14, 2026 📰 www.genians.co.kr 🔍 0 CVE(s) referenced

APT37 orchestrated a sophisticated, multi-stage intrusion campaign by leveraging Facebook-based social engineering to build trust, tricking targets into installing a tampered PDF viewer that executed shellcode, and then covertly delivering follow-on payloads and exfiltrating data via legitimate cloud services and image-disguised network traffic, highlighting the group’s advanced evasion and persistence tactics.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle