SlowMist: Hacker group APT37 hides malware in JPEG image files to launch attacks

August 6, 2025
CoinFeed News

APT37, a North Korean-linked hacker group, launched attacks by hiding malware inside JPEG image files. The malware used a two-stage encrypted shellcode injection method to hinder analysis. The attackers used Windows shortcut (.lnk) files with embedded cmd or PowerShell commands to carry out the attack. Efficient EDR monitoring optimized for detecting anomalous endpoint behavior is now crucial.