North Korean hackers target European orgs with updated malware (November 2022)
North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America.
In the new campaign, Kaspersky has seen DTrack distributed using filenames commonly associated with legitimate executables.
Kaspersky told BleepingComputer that DTrack continues to be installed by breaching networks using stolen credentials or exploiting Internet-exposed servers, as seen in previous campaigns.
Kaspersky attributes this activity to the North Korean Lazarus hacking group and claims the threat actors use DTrack whenever they see the potential for financial gains.
In August 2022, the same researchers linked the backdoor to the North Korean hacking group tracked as 'Andariel,' which deployed Maui ransomware in corporate networks in the U.S. and South Korea.
In February 2020, Dragos linked DTrack to a North Korean threat group, 'Wassonite,' which attacked nuclear energy and oil and gas facilities.