APT37 Abuses Google Drive Using Dynamic Dolphin Malware
02-Dec-22
The powerful backdoor known as Dolphin has been added to the huge toolkit of North Korean hacker organisation APT37 (also known as ScarCruft or Reaper). The backdoor abuses cloud storage systems, notably Google Drive for C2 communication.
ESET researchers discovered that APT37 has been utilising Dolphin since the beginning of 2021, and the backdoor is constantly changing to avoid discovery. The most recent finding is connected to a 2021 bar attack on a South Korean internet newspaper covering North Korean activity and events.
