North Korean spyware campaign more potent than previously thought: Researchers
Bluelight backdoor paved the way for Dolphin malware to exfiltrate victims’ information through Google cloud services
A North Korean cyber espionage campaign involved more malware than previously understood, security researchers said Wednesday, featuring capabilities such as exfiltrating passwords, screenshots and keystrokes to the attackers through Google Drive.
The malware, which researchers at ESET Security dub Dolphin in a new report, is the next-stage payload of Bluelight, a backdoor previously uncovered by security firm Volexity in Aug. 2021.
At the time, Volexity said North Korea-focused outlet DailyNK had been infected with Bluelight, suggesting attackers may have deployed Dolphin on the company’s systems, too.
“While the Bluelight backdoor performs basic reconnaissance