CyberNews Briefs

Nation-state Hackers Target Journalists with Goldbackdoor Malware

According to security researchers at Stairwell, a recent campaign by APT37 used sophisticated malware to steal information about sources. The threat group appears to be using Goldbackdoor, a malware family that is a successor to Bluelight. Goldbackdoor is believed to be tied to the North Korean government because it has been used to actively target journalists with the goal of stealing sensitive information. Researchers state that the campaign began in March and is still active.

Stairwell researchers followed up on an initial report released by South Korea’s NK News, which detailed the campaign perpetrated by the North Korean-linked threat actor. In one instance, the attackers stole from the private computer of a former South Korean intelligence official. In addition, the threat actor attempted to impersonate NK News and distribute novel malware targeting journalists who were using sources. NK News provided Stairwell with certain details to aid its investigation into the incidents.

OODA Analyst
