Malware
GoldBackdoor
First seen: 2022-01 • Status: active
Currently Active Threat
GoldBackdoor is used to spy on journalists who write about North Korea. It hides its communications in cloud services.
Overview
GoldBackdoor targets journalists covering North Korea. It uses cloud services for command and control.
How It Spreads
- • Journalist targeting
- • Social engineering
What It Does
- • Journalist surveillance
- • Data theft
- • Cloud-based C2
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor for cloud C2 patterns
MITRE ATT&CK Techniques
T1567, T1005
If You're Infected
- 1.
Contact press freedom organizations
Related Malware
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required