New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists

2021-11-29 05:14

Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as ScarCruft, also known as APT37, Reaper Group, InkySquid, and Ricochet Chollima.

"The actor utilized three types of malware with similar functionalities: versions implemented in PowerShell, Windows executables and Android applications," the company's Global Research and Analysis Team said in a new report published today.

"Although intended for different platforms, they share a similar command and control scheme based on HTTP communication. Therefore, the malware operators can control the whole malware family through one set of command and control scripts."

In August 2021, the threat actor was unmasked using two exploits in the Internet Explorer web browser to infect victims with a custom implant known as BLUELIGHT by staging a watering hole attack against a South Korean online newspaper.

Additional techniques uncovered by GReAT on one of the infected victims show that post its breach on March 22, 2021, the operators managed to collect screenshots for a period of two months between August and September, before deploying a fully-featured malware called Chinotto in late August to control the device and exfiltrate sensitive information to a command-and-control server.

"Many journalists, defectors and human rights activists are targets of sophisticated cyberattacks," the researchers said.

News URL

https://thehackernews.com/2021/11/new-chinotto-spyware-targets-north.html

#northkorean #spyware