New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists

North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly-targeted surveillance attacks.

Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as ScarCruft, also known as APT37, Reaper Group, InkySquid, and Ricochet Chollima.

The actor utilized three types of malware with similar functionalities: versions implemented in PowerShell, Windows executables and Android applications, the company’s Global Research and Analysis Team (GReAT) said in a new report published today. Although intended for different platforms, they share a similar command and control scheme based on HTTP communication. Therefore, the malware operators can control the whole malware family through one set of command and control scripts.

Full article

Scroll to Top