The “Goldbackdoor” malware was sent from the personal email address of the previously compromised head of South Korea’s National Intelligence Service to a journalist in North Korea in order to gain access to the news outlet.
APT37/RICOCHET CHOLLIMA , a state backed group linked to the Democratic People’s Republic Of Korea (DPRK) are responsible for this malicious attack.
According to the Investigation done by North Korea, multiple phishing emails were sent to North Korea News outlet on Mar18. This is seen as a threat to the North Korean government where news or information that paints the leadership or government in a negative light is seen as a threat to national security.
Previous North Korea Exploit
The Asian country has also stirred a lot of controversies with its recent campaigns on cryptocurrencies. Two weeks ago, it was reported that the United States‘ Office of Foreign Asset Control (OFAC) on Friday tracked the stolen cryptocurrencies from the Ronin Network to an address on by the North Korea-backed hackers Lazarus group.
The agency disclosed that it had sanctioned the account, adding the group to the SDN list. The threat actors, also known as APT-C-26, have been on other watchlists due to its previous campaigns.
