North Korea-linked group launches Dolphin backdoor, steals files and communicates via Google Drive

ESET researchers analyzed a previously unreported sophisticated backdoor used by the ScarCruft APT group.

Editorial Desk
Last updated: December 1, 2022 5:34 am

The backdoor, which ESET named Dolphin, has a wide range of spying capabilities, including monitoring drives and portable devices, exfiltrating files of interest, keylogging, taking screenshots, and stealing credentials from browsers.

Its functionality is reserved for selected targets, to which the backdoor is deployed after initial compromise using less advanced malware. Dolphin abuses cloud storage services — specifically Google Drive — for command and control (C&C) communication.

ScarCruft, also known as APT37 or Reaper, is an espionage group that has been operating since at least 2012. It primarily focuses on South Korea, but other Asian countries have also been targeted. ScarCruft seems to be interested mainly in government and military organizations, and companies in various industries linked to the interests of North Korea.

ESET researcher Filip Jurčacko, who analyzed the Dolphin backdoor, says that after being deployed on selected targets, it searches the drives of compromised systems for interesting files and exfiltrates them to Google Drive.

“One unusual capability found in prior versions of the backdoor is the ability to modify the settings of victims’ Google and Gmail accounts to lower their security, presumably to maintain Gmail account access for the threat actors,” said Jurčacko.

In 2021, ScarCruft conducted a watering-hole attack on a South Korean online newspaper focused on North Korea. The attack consisted of multiple components, including an Internet Explorer exploit and shellcode leading to a backdoor named BLUELIGHT. 

“In the previous reports, the BLUELIGHT backdoor was described as the attack’s final payload. However, when analyzing the attack, we discovered through ESET telemetry a second, more sophisticated backdoor deployed on selected victims via this first backdoor.”

“We named this backdoor Dolphin based on a PDB path found in the executable,” Jurčacko explains.

Since the initial discovery of Dolphin in April 2021, ESET researchers have observed multiple versions of the backdoor, in which the threat actors improved the backdoor’s capabilities and made attempts to evade detection.

While the BLUELIGHT backdoor performs basic reconnaissance and evaluation of the compromised machine after exploitation, Dolphin is more sophisticated and manually deployed only against selected victims.

Both backdoors are capable of exfiltrating files from a path specified in a command, but Dolphin also actively searches drives and automatically exfiltrates files with interesting extensions.

The backdoor collects basic information about the targeted machine, including the operating system version, malware version, list of installed security products, username, and computer name.

By default, Dolphin searches all fixed (HDD) and non-fixed drives (USBs), creates directory listings, and exfiltrates files by extension. Dolphin also searches portable devices, such as smartphones, via the Windows Portable Device API.

The backdoor also steals credentials from browsers, and is capable of keylogging and taking screenshots. Finally, it stages this data in encrypted ZIP archives before uploading to Google Drive.
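The C&C pattern described above, a non-browser process talking to the Google Drive API, is something a defender can hunt for in proxy or EDR telemetry. The following Python script is an added example, not code from ESET or from this article: the log format, host names, process names and allowlist are all constructed for illustration, and the only real detail it relies on is that Google Drive uploads go to www.googleapis.com under the drive/ and upload/drive/ paths.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy/EDR log lines for this example (not real telemetry).
SAMPLE_LOGS = """\
2022-11-30T09:12:01Z host=WS-042 proc=chrome.exe method=POST url=https://www.googleapis.com/upload/drive/v3/files bytes=2048
2022-11-30T09:13:44Z host=WS-042 proc=svchost.exe method=POST url=https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart bytes=5242880
2022-11-30T09:14:10Z host=WS-042 proc=outlook.exe method=GET url=https://outlook.office.com/ bytes=512
2022-11-30T09:15:02Z host=WS-017 proc=updater.exe method=GET url=https://www.googleapis.com/drive/v3/files bytes=300
"""
# Processes expected to use Google Drive in this hypothetical environment.
ALLOWED_DRIVE_PROCS = {"chrome.exe", "msedge.exe", "firefox.exe", "googledrivefs.exe"}

# Google Drive API endpoints; a browser or the official sync client is
# expected here, so anything else warrants a closer look.
DRIVE_API_RE = re.compile(r"^https://www\.googleapis\.com/(upload/)?drive/", re.I)
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) method=(?P<method>\S+) "
    r"url=(?P<url>\S+) bytes=(?P<bytes>\d+)$"
)

@dataclass
class Finding:
    ts: str
    host: str
    proc: str
    reason: str

def parse_line(line: str):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def hunt_drive_c2(log_text: str) -> list:
    """Flag Google Drive API traffic from processes not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not DRIVE_API_RE.match(rec["url"]):
            continue
        if rec["proc"].lower() in ALLOWED_DRIVE_PROCS:
            continue
        reason = "unexpected process using Google Drive API"
        # Uploads matter most: that is the exfiltration and C&C channel.
        if rec["method"].upper() == "POST" and "/upload/" in rec["url"]:
            reason = "unexpected process uploading to Google Drive (%s bytes)" % rec["bytes"]
        findings.append(Finding(rec["ts"], rec["host"], rec["proc"], reason))
    return findings

if __name__ == "__main__":
    for f in hunt_drive_c2(SAMPLE_LOGS):
        print(f)
```

In a real environment the allowlist would be tuned to the sanctioned clients, and the upload findings correlated with EDR events for ZIP creation by the same process.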

By Editorial Desk
The TBN team is a well-established group of technology industry professionals with backgrounds in IT systems, business communications and journalism.