North Korean APT37 was spotted using a highly evasive M2RAT malware and steganography to target individuals for intelligence collection. It exploits an old EPS bug, tracked as CVE-2017-8291, in the Hangul word processor (commonly used in South Korea). The malware uses a shared memory region for executing commands and exfiltrating data from infected machines.