North Korean spyware campaign more potent than previously thought: Researchers
Bluelight backdoor paved the way for Dolphin malware to exfiltrate victims’ information through Google cloud services
A North Korean cyber espionage campaign involved more malware than previously understood, security researchers said Wednesday, featuring capabilities such as exfiltrating passwords, screenshots and keystrokes to the attackers through Google Drive.
The malware, which researchers at ESET Security dub Dolphin in a new report, is the next-stage payload of Bluelight, a backdoor previously uncovered by security firm Volexity in Aug. 2021.
At the time, Volexity said North Korea-focused outlet DailyNK had been infected with Bluelight, suggesting attackers may have deployed Dolphin on the company’s systems, too.
“While the Bluelight backdoor performs basic reconnaissance