North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets
A previously undocumented backdoor called Dolphin has been attributed to the North Korea-linked ScarCruft group, which has used it against targets located in South Korea.
"The backdoor has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers," ESET researcher Filip Jurčacko said in a new report published today.
The campaign, first uncovered by Kaspersky and Volexity last year, entailed the weaponization of two Internet Explorer flaws to drop a backdoor named BLUELIGHT. ScarCruft, also called APT37, InkySquid, Reaper, and Ricochet Chollima, is a geopolitically motivated APT group with a track record of attacking government entities, diplomats, and news organizations associated with North Korean affairs.
Earlier this April, cybersecurity firm Stairwell disclosed details of a spear-phishing attack targeting journalists covering the country with the ultimate goal of deploying a malware dubbed GOLDBACKDOOR that shares overlaps with another ScarCruft backdoor named BLUELIGHT. The latest findings from ESET shed light on a second, more sophisticated backdoor delivered to a small pool of victims via BLUELIGHT, indicative of a highly-targeted espionage operation.
"While the BLUELIGHT backdoor performs basic reconnaissance and evaluation of the compromised machine after exploitation, Dolphin is more sophisticated and manually deployed only against selected victims," Jurčacko explained.
"One unusual capability found in prior versions of the backdoor is the ability to modify the settings of victims' Google and Gmail accounts to lower their security, presumably in order to maintain account access for the threat actors."
News URL
https://thehackernews.com/2022/12/north-korea-hackers-using-new-dolphin.html