Targeting of journalists reporting on North Korea
Date of report
  • April 2022
North Korea–linked threat actor APT 37 targeted journalists with novel Goldbackdoor malware. APT 37 initially used RokRat malware to hack the email account of a former director at South Korea’s National Intelligence Service. The hackers then impersonated the official and targeted South Korean journalists, sending emails laced with Goldbackdoor malware. The malware can be used to steal passwords and documents.
Suspected victims
  • Journalists and the former director of South Korea’s National Intelligence Service
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Civil society
Victim government reaction
  • Unknown