At the end of 2017, the group also carried out an attack campaign targeting North Korean human rights organization officials and journalists from North Korean media outlets to induce the installation of malicious APKs through KakaoTalk, the most popular messenger in South Korea. The Scarcruft Group (aka APT37), a North Korean APT group, is believed to have been active since 2016 and continues to carry out attacks against institutions and political organizations around the world until 2023. RambleOn) has been used by the Scarcruft APT group since at least 2019 to target Android devices. FCM is a service that specializes in message delivery within Firebase and was also used in the mobile malware used by the Kimsuky group that we disclosed last year.