North Korean spyware campaign more potent than previously thought: Researchers



News North Korean spyware campaign more potent than previously thought: Researchers Bluelight backdoor paved the way for Dolphin malware to exfiltrate victims’ information through Google cloud services Ethan Jewell December 2, 2022 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON A warning to users that a site may contain malware \| Image: NK Pro A North Korean cyber espionage campaign involved more malware than previously understood, security researchers said Wednesday, featuring capabilities such as exfiltrating passwords, screenshots and keystrokes to the attackers through Google Drive. The malware, which researchers at ESET Security dub Dolphin in a new report, is the next-stage payload of Bluelight, a backdoor previously uncovered by security firm Volexity in Aug. 2021. At the time, Volexity said North Korea-focused outlet DailyNK had been infected with Bluelight, suggesting attackers may have deployed Dolphin on the company’s systems, too. “While the Bluelight backdoor performs basic reconnaissance Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01How long-range strikes on Russia could impact North Korean troop deployments 02How North Korean hackers and IT workers collude to cause chaos 03What pro-Trump think tanks reveal about his likely North Korea policy priorities 04Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump. 05All the question marks hanging over Trump’s approach to North Korea in term two 06Time almost up for North Korea’s plan to launch 3 military satellites in 2024 07Trump return rekindles prospects of North Korea talks, but Russia stands in way 08How China could benefit from North Korea’s troop deployment to Ukraine

News

North Korean spyware campaign more potent than previously thought: Researchers

Bluelight backdoor paved the way for Dolphin malware to exfiltrate victims’ information through Google cloud services

Ethan Jewell December 2, 2022

North Korean spyware campaign more potent than previously thought: Researchers

A warning to users that a site may contain malware | Image: NK Pro

A North Korean cyber espionage campaign involved more malware than previously understood, security researchers said Wednesday, featuring capabilities such as exfiltrating passwords, screenshots and keystrokes to the attackers through Google Drive.

The malware, which researchers at ESET Security dub Dolphin in a new report, is the next-stage payload of Bluelight, a backdoor previously uncovered by security firm Volexity in Aug. 2021.

At the time, Volexity said North Korea-focused outlet DailyNK had been infected with Bluelight, suggesting attackers may have deployed Dolphin on the company’s systems, too.

“While the Bluelight backdoor performs basic reconnaissance

01How long-range strikes on Russia could impact North Korean troop deployments
02How North Korean hackers and IT workers collude to cause chaos
03What pro-Trump think tanks reveal about his likely North Korea policy priorities
04Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump.
05All the question marks hanging over Trump’s approach to North Korea in term two
06Time almost up for North Korea’s plan to launch 3 military satellites in 2024
07Trump return rekindles prospects of North Korea talks, but Russia stands in way
08How China could benefit from North Korea’s troop deployment to Ukraine

North Korean spyware campaign more potent than previously thought: Researchers

LATEST ANALYSIS

Similar Articles

About the Author

Ethan Jewell