Skip to main content

North Korean State Actors Deploying Novel Malware to Spy on Journalists

posted onApril 25, 2022
by l33tdawg
Dark Reading
Credit: Dark Reading

New analysis has attributed a spear-phishing campaign targeting journalists covering North Korea to APT37/Ricochet Chollimia, a state-backed group linked to the Democratic People's Republic of Korea (DPRK). Notably, researchers said the group is deploying a novel malware strain called Goldbackdoor, a variation of Bluelight malware previously attributed to APT37.

According to a report from researchers at Stairwell, multiple phishing emails were sent to NK News on Mar. 18 that appeared to be from the personal email address of the previously compromised former head of of the South Korean National Intelligence Service, and contained Goldbackdoor malware. NK News handed over the information to Stairwell for further investigation, the cybersecurity firm said.

 

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th