North Korea's APT37 hacking group has launched a sophisticated social engineering campaign, leveraging Facebook to deliver the RokRAT remote access trojan to unsuspecting targets. By posing as friends and building trust, the threat actors manipulate victims into installing the malware, which grants attackers extensive control over compromised systems. This multi-stage attack underscores the evolving tactics of state-sponsored threat groups, who increasingly exploit social media platforms to breach defenses. The use of Facebook as a delivery channel highlights the importance of vigilance in online interactions, particularly in the context of geopolitical threats. The shift from criminal to state-aligned activity necessitates a distinct threat model, as nation-state actors often possess greater resources and motivations [1]. This development matters to cybersecurity practitioners, as it emphasizes the need to adapt threat detection and response strategies to account for the unique characteristics of state-sponsored attacks.