APT37, also known as ScarCruft or RedEyes, is described as a North Korean espionage group active since at least 2012, with primary targeting in South Korea and operations also reported in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and the Middle East. The advisory highlights recent RedEyes activity distributing RokRAT through LNK files after earlier CHM lures impersonated Korean financial security email. RokRAT collects host data, runs additional payloads, exfiltrates information, and uses cloud services such as Dropbox, pCloud, Yandex Cloud, and OneDrive for C2 to blend with legitimate traffic. The source provides active hash IOCs for hunting.