Hackers associated with the North Korean government are actively targeting journalists with a sophisticated piece of malware called Goldbackdoor.
The attacks take the form of a multistage infection campaign aimed at stealing sensitive information from targets. According to researchers, the campaign likely began in March and is still underway. Stairwell researchers investigated a tip from South Korea’s NK News that a North Korean APT known as APT37 had taken information from the private computer of a former South Korean intelligence official.
The threat actor – also known as Ricochet Chollima, InkySquid, Reaper, or ScarCruft – attempted to imitate NK News and spread unique malware to target journalists who used the official as a source.