North Korean Hackers Target Journalists With Malware

The state-sponsored North Korean hackers APT37, also known as Ricochet Chollima, target journalists with Goldbackdoor malware.

According to NK News, the malicious software spreads through phishing attacks. Emails to journalists included a link to download ZIP archives of LNK files, both named ‘Kang Min-chol edits.’ Kang Min-chol is North Korea’s Minister of Mining Industries.

The Goldbackdoor malware runs as a PE file (portable executable) and can remotely accept basic commands and exfiltrate data. It also has a number of API keys that can be used to authenticate to Azure and recover commands to execute.

To exfiltrate files, the malware uses legitimate cloud services such as Google Drive and Microsoft OneDrive. Files targeted by the malware are mainly documents and media such as PDF, DOCX, MP3, TXT, M4A, JPC, XLS, PPT, BIN, 3GP and MSG.

The campaign uses a two-stage infection process that gave the threat actors more deployment versatility. It also made it harder for analysts to capture payloads.

The sources for this piece include an article in BleepingComputer.

North Korean Hackers Target Journalists With Malware

Top Stories

OpenAI brings in Smartly to shape how ads work inside ChatGPT

Quantum breakthrough researchers cut required qubits from millions to thousands

Anthropic coding tool exposes full source code again after packaging error

Cisco breach exposes 300+ repos after supply chain attack

OpenAI cuts Sora with $1M-a-day costs to free up resources for core AI models

AI boom faces new constraint as helium disruption slows chip production

Related Articles

Anthropic coding tool exposes full source code again after packaging error

Cisco breach exposes 300+ repos after supply chain attack

New Google update targets sensitive data exposure in search results

GitHub Copilot to train on user data by default

TND Newsdesk

TND Newsdesk

Jim Love

Follow Us

Popular categories

Tech News Delivered