North Korean state-sponsored hackers, known as ScarCruft, have been using fake Microsoft account security alerts to deploy NarwhalRAT malware through targeted spear-phishing campaigns. The attackers craft emails that mimic legitimate Microsoft notifications, aiming to create concern among recipients about potential security issues with their accounts. These emails are designed to trick victims into taking action, ultimately leading to the installation of the NarwhalRAT malware. This tactic shifts the threat model from traditional criminal activity to a geopolitical one, requiring a different approach to mitigation [1]. The use of such social engineering techniques by state-sponsored groups highlights the evolving nature of cyber threats. As a result, practitioners must be aware of these tactics and adapt their security strategies to counter such attacks. The involvement of state-sponsored actors like ScarCruft in these campaigns underscores the need for heightened vigilance and a proactive approach to security.