Hackers from North Korea steal data from Windows devices and any phone connected to them

Researchers from the information security company ESET have found a backdoor linked to North Korea that has a wide range of spying

Researchers from the information security company ESET have found a backdoor linked to North Korea that has a wide range of spying capabilities not only on the targeted PC but also on other mobile devices connected to it.

According to the company, the backdoor is capable of monitoring drives and smartphones connected to a computer, extracting important files from them, recording keystrokes, taking screenshots, and stealing credentials from browsers.

The researchers explained that the back door, which they called the dolphin, has specific functions. He misuses cloud storage services, such as Google Drive in particular, for the purposes of command and control communication.

According to the researchers, behind the Dolphin backdoor is the ScarCruft spy group, also known as APT37 or Reaper, which has been in operation since at least 2012.

The researchers said the group focused its work primarily on South Korea but had also targeted other Asian countries in the past. It is interested in government and military institutions, and companies in various industries linked to North Korean interests.

ESET explained that the Dolphin backdoor, after being deployed on specific targets, searches the disks of the compromised systems in search of files of interest and outputs them to Google Drive.

“Among the unusual capabilities found in previous versions of the backdoor is the ability to modify victims’ Google and Gmail account settings to lower their security level,” the company said. The reason is likely to maintain access to the threat actors’ Gmail account.”

In 2021, the ScarCruft Group launched an attack on a South Korean online newspaper focused on North Korea. The attack consisted of multiple components, such as an exploit for Microsoft’s Internet Explorer web browser.

Since the initial discovery of the Dolphin backdoor in April 2021, ESET researchers have noticed multiple versions of it, as attackers have worked to improve its capabilities in an attempt to avoid detection.

The researchers said that the backdoor has the advantage that it actively searches drives and automatically filters files with interesting extensions, and collects basic information about the target device, including operating system version, list of installed security products, user name, and computer name.

By default, Dolphin searches all hard drives such as HDD, SSD, and non-volatile drives such as USB external storage drives creates directories lists and pulls files by extension. The backdoor also searches for portable devices connected to the computer, such as smartphones, through the Windows Portable Device API.

The backdoor also steals credentials from browsers and is capable of recording keyboard clicks and taking screenshots. Finally, the backdoor includes this data into encrypted zip archives before uploading it to Google Drive.

Don’t Stop Here

More To Explore

solar eclipse eclipse solar eclipse 2024 solar eclipse 2023 eclipse 2024 eclipse 2023 2023 eclipse 2023 solar eclipse april 8 2024 eclipse 2024 total eclipse 2023 solar eclipses 2024 sun eclipse eclipse april 8 2024 eclipse lunar eclipse eclipse of the sun 2024 eclipse solar eclipse eclipse2023 lunar eclipses solar and eclipse solar eclipse solar eclipse solar solar eclipse solar sun eclipse total eclipse in 2024 total eclipse 2024 total solar eclipse 2024 next solar eclipse total eclipse next eclipse total solar eclipse april 2024 eclipse annular solar eclipse annular eclipse 2023 lunar eclipse 2023 annular eclipse eclipse april 2024 april 2024 solar eclipse solar eclipse april 2024 annular solar eclipse 2023 eclipse today 2023 annular eclipse total eclipse of the sun 2024 sun eclipse 2024 totality eclipse 2024 total eclipse april 2024 8 april 2024 eclipse lunar penumbral eclipse october 2023 eclipse of 2024 eclipse of sun today eclipse penumbral eclipse timer full eclipse of the moon lunar eclipses 2023 next eclipse of the sun solaire eclipse solar eclipse of april 20 2023 solar eclipse of october 14 2023 solar eclipse today solar v lunar eclipse sun eclipse next total solar eclipse in 2024 upcoming sun eclipse sun eclipse next total solar eclipse eclipse 2022 great american eclipse 2024 total solar eclipse 2023 total eclipse 2023 next eclipse 2023 full solar eclipse 2024 full eclipse 2024 upcoming solar eclipse full solar eclipse next total eclipse eclipse april 2023 sun eclipse 2023 iso 12312 2 next eclipse 2024 next full solar eclipse total lunar eclipse april eclipse 2024 next solar eclipse 2023 future solar eclipses eclipse in 2024 solar and lunar eclipse full eclipse 2023 2023 total solar eclipse 1993 eclipse 2017 eclipse 2017 solar eclipse 2017 total solar eclipse 2019 eclipse 2022 solar eclipse 2024 solar eclipse best viewing april 20 eclipse april 8 2024 solar eclipse april 8 2024 total solar eclipse april eclipse 2023 april solar eclipse 2024 eclipse 1994

Experience the Solar Eclipse with The Eclipse App: Your Ultimate Companion

An innovative app, tailored to enhance your observation of the total solar eclipse on April 8, 2024, has risen to prominence on the App Store. Titled simply “The Eclipse App,” it has amassed over 140,000 lifetime downloads on both iOS and Android platforms. This app serves as a comprehensive tool for experiencing the celestial event, providing features such as cloud cover forecasts, precise timing for totality at your specific location, and details on local events, parks, and viewing sites in your vicinity.

April 8, 2024 No Comments

Twitter Introduces Payments for Verified Creators' Advertisements in Replies, Elon Musk Announces

Brazil Investigates Elon Musk Over X Dispute

Brazil has launched an investigation into Elon Musk over potential obstruction of justice following X’s reversal of a decision to block certain profiles in the country.

April 8, 2024 No Comments

Microsoft AI appcenter ms microsoft yammer microsoft advertising azure sphere azure bastion azure lighthouse azure labs delve microsoft microsoft network monitor azure cloud services microsoft net framework 2.0 azure free cmt microsoft outlook forms azure event grid visio viewer azure for students azure migrate azure regions azure security sql server 2022 azure defender microsoft business sql server 2016 azure availability zones azure hybrid benefit azure sentinel microsoft devops windows store microsoft 365 business sql 2019 azure pay as you go microsoft azure portal azure services sql server 2017 azure free tier microsoft office forms microsoft azure cloud edge for mac o365login microsoft project management windows virtual desktop miss excel azure advisor microsoft remote desktop download microsoft sql server 2019 microsoft business standard microsoft csp microsoft business premium owa 365 microsoft 365 business premium azure monitor microsoft business basic microsoft intune ms intune biztalk azure 200 azure vpn gateway azure cli mpp viewer remote desktop connection windows 10 visual studio professional 2022 sql server 2014 windows server 2022 download dot net framework godaddy 365 go daddy 365 azure batch azure vdi microsoft azure application gateway v2 microsoft dataverse ms power windows server 2019 download skype for business portal office365 com microsoft defender for office 365 active directory domain services azure cloud windows remote desktop visio for mac azure vpn windows server download azure data studio azure automation office 365 business defender for cloud microsoft teams linux godaddy office 365 mcse certification azure active directory microsoft sql management studio office 365 business premium microsoft 365 business standard microsoft remote desktop download sql server 2019 intune microsoft teams rooms windows 365 cloud pc accdb dev azure com

Microsoft AI’s New London Hub Led by Former Inflection and DeepMind Scientist Jordan Hoffmann

Microsoft has unveiled a new London hub for its consumer AI division, with Jordan Hoffmann, a scientist and engineer formerly with

April 8, 2024 No Comments