State-sponsored hackers operating out of North Korea have been targeting journalists with a novel malware strain, it has been revealed.
The group, known as APT37, distributes the malware through a phishing attack originally discovered by NK News, a US news site that specialises in news, research and analysis about North Korea, using intelligence from within the country.
APT37, also known as Ricochet Chollima, is suspected to be sponsored by the North Korean government. The North Korean government is notorious for viewing journalism as a hostile activity, and is likely utilising the attack to access sensitive information and even unveil journalists' sources.
After NK News discovered the attack, it contacted the malware experts at Stairwell for further assistance, and they took over the technical analysis.
Stairwell found a new malware sample named “Goldbackdoor,” which was assessed as a successor of “Bluelight.”