
APT37 Uses Facebook, Telegram, and Trojanized Installer In New Intrusion Campaign
APT37 is running a new social-engineering-driven cyber‑espionage campaign that abuses Facebook, Telegram, and a trojanized Wondershare PDFelement installer to deliver a RokRAT‑like backdoor and exfiltrate sensitive data via Zoho WorkDrive. The operation shows a clear evolution of APT37’s long‑standing TTPs toward social‑network reconnaissance, tampered installers, and multi‑stage, fileless payload delivery.

APT37 Shifts To Facebook and […]

The post APT37 Uses Facebook, Telegram, and Trojanized Installer In New Intrusion Campaign appeared first on Cyber Security News.