Headline
North Korean State Actors Deploying Novel Malware to Spy on Journalists
Spear-phishing campaign loaded with new “Goldbackdoor” malware targeted journalists with NK News, analysts found.
New analysis has attributed a spear-phishing campaign targeting journalists covering North Korea to APT37/Ricochet Chollimia, a state-backed group linked to the Democratic People’s Republic of Korea (DPRK). Notably, researchers said the group is deploying a novel malware strain called Goldbackdoor, a variation of Bluelight malware previously attributed to APT37.
According to a report from researchers at Stairwell, multiple phishing emails were sent to NK News on Mar. 18 that appeared to be from the personal email address of the previously compromised former head of of the South Korean National Intelligence Service, and contained Goldbackdoor malware. NK News handed over the information to Stairwell for further investigation, the cybersecurity firm said.
“Due to the sensitive nature of journalists’ work, they are often targets of surveillance and malware, intent on stealing information, ferreting out sources or even destroying evidence and scaring the reporters into not publishing stories,” Erich Kron, security awareness advocate at KnowBe4, said in response to the news. “In regimes like North Korea, where news is tightly controlled by the state, articles or information that paints the leadership or government in a negative light is treated as a serious threat to national security.”
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe
Related news
A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has
A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight.