State sponsored hackers operating out of North Korea have been targeting journalists with a novel malware strain, it has been revealed. 

The group, known as APT37, distribute the malware through a phishing attack originally discovered by NK news, a US news site specialising in covering news and providing research and analysis about North Korea, using intelligence from within the country.

APT37, also known as Ricochet Chollima, is suspected to be sponsored by the North Korean government. The NK government is notorious for viewing journalism as a hostile activity, likely utilising the attack to access sensitive information and even unveil journalists sources.

After NK News discovered the attack, they contacted the malware experts at Stairwell for further assistance, who took over the technical analysis.

Stairwell found a new malware sample named “Goldbackdoor,” which was assessed as a successor of “Bluelight.”


The post North Korea targets journalists with novel malware appeared first on IT Security Guru.


You May Also Like

Zimbra zero-day vulnerability exploited to steal emails

Attacks linked to a Chinese threat actor have exploited a Zimbra’s zero-day…