North Korean spyware campaign more potent than previously thought: Researchers
Bluelight backdoor paved the way for Dolphin malware to exfiltrate victims’ information through Google cloud services
A North Korean cyber espionage campaign involved more malware than previously understood, security researchers said Wednesday, featuring capabilities such as exfiltrating passwords, screenshots and keystrokes to the attackers through Google Drive.
The malware, which researchers at ESET Security dub Dolphin in a new report, is the next-stage payload of Bluelight, a backdoor previously uncovered by security firm Volexity in Aug. 2021.
At the time, Volexity said North Korea-focused outlet DailyNK had been infected with Bluelight, suggesting attackers may have deployed Dolphin on the company’s systems, too.
“While the Bluelight backdoor performs basic reconnaissance