North Korean government-affiliated organisations are reportedly using a new Windows malware strain that may collect sensitive data from any connected device, including mobile phones.
According to researchers at ESET, who discovered the data-stealing malware, which they call Dolphin, it is being used by Erebus (Advanced Persistent Threat 37), a threat actor with ties to the North Korean government. According to their findings, the group has been active for close to ten years.
Dolphin was first seen in April 2021 and has gained considerable capability since then. It can now take screenshots of infected machines and record all keystrokes, in addition to collecting data from the browsers on those machines (stored passwords, credit card details, etc.).
To Google Drive it goes!
The malicious software receives instructions and reports back to a Google Drive instance.
In addition to this, Dolphin records details about the endpoint itself, such as its name, local and external IP address, security solutions installed, hardware specifications, and operating system version.
It also searches mobile phones and any other attached external devices for private information (including files, emails, photographs, and videos). According to ESET, it does this through the Windows Portable Device API.
There have been four distinct variants of the malware discovered in the wild, the most recent being version 3.0 in January 2022.
North Korea is very active in the cybercrime arena, with at least two large state-sponsored groups causing havoc worldwide. The most egregious case is perhaps the Lazarus Group's theft of 600 million from Ronin Bridge, a cryptocurrency startup. According to intelligence sources, the North Korean government uses these cybercriminal organisations as a source of revenue.