North Korean Hackers Target Journalists With Malware

Share post:

The state-sponsored North Korean hackers APT37, also known as Ricochet Chollima, target journalists with Goldbackdoor malware.

According to NK News, the malicious software spreads through phishing attacks. Emails to journalists included a link to download ZIP archives of LNK files, both named ‘Kang Min-chol edits.’ Kang Min-chol is North Korea’s Minister of Mining Industries.

The Goldbackdoor malware runs as a PE file (portable executable) and can remotely accept basic commands and exfiltrate data. It also has a number of API keys that can be used to authenticate to Azure and recover commands to execute.

To exfiltrate files, the malware uses legitimate cloud services such as Google Drive and Microsoft OneDrive. Files targeted by the malware are mainly documents and media such as PDF, DOCX, MP3, TXT, M4A, JPC, XLS, PPT, BIN, 3GP and MSG.

The campaign uses a two-stage infection process that gave the threat actors more deployment versatility. It also made it harder for analysts to capture payloads.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more. Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon. Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the

LinkedIn introduces verification for recruiters to combat scams

LinkedIn announced today the launch of a new verification process for job recruiters, a move aimed at curtailing...

Cyber Security Today, Week in Review for week ending Friday, April 5, 2024

This episode features a discussion on a highly critical report on the hacking of Microsoft Exchange Online email accounts, a case study of a ransomware attack and the discovery of a years-long infiltration of an open source group to insert a backdoor

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways