North Korea–linked threat actor APT 37 targeted journalists with novel Goldbackdoor malware. APT 37 initially used RokRat malware to hack the email account of a former director at South Korea’s National Intelligence Service. The hackers then impersonated the official and targeted South Korean journalists, sending emails laced with Goldbackdoor malware. The malware can be used to steal passwords and documents.
- Journalists and the former director of South Korea’s National Intelligence Service
Suspected state sponsor
- Korea (Democratic People's Republic of)
Type of incident
- Civil society
Victim government reaction