Name: VCD Ransomware
Start: 2025-08-07

VCD Ransomware

#VCD • 2025-08

Unknown

#FinancialGain

S2W TALON attributed a South Korea-focused postal-code update lure campaign to ChinopuNK, a ScarCruft subgroup, with malicious LNK files in RAR archives dropping an AutoIt loader and retrieving follow-on payloads from external infrastructure. The payload set included VCD ransomware alongside NubSpy, LightPeek, TxPyLoader, FadeStealer, and the Rust-based CHILLYCHINO backdoor, showing ScarCruft expanding from espionage tradecraft into ransomware deployment and modernized malware development.

1

Related Reports
0

Affected Countries
10

Months Since

Related Actors

Scarcruft

Kaspersky

Operation Daybreak

First seen: 2016-06 • Last seen: 2026-05

Related Reports

2025-08-07

S2W

ScarCruft’s New Language: Whispering in PubNub, Crafting Backdoor in Rust, Striking with Ransomware

#Scarcruft #Ransomware #LNK #ChinopuNK #DogpuNK #puNK-006 #VCD

« Back