Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack to target a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the U.S.

“Dtrack allows criminals to upload, download, start or delete files on the victim host,” Kaspersky researchers Konstantin Zykov and Jornt van der Wiel said in a report.

The victimology patterns indicate an expansion to Europe and Latin America. Sectors targeted by the malware are education, chemical manufacturing, governmental research centres and policy institutes, IT service providers, utility providers, and telecommunication firms.

Dtrack, also called Valefor and Preft, is the handiwork of Andariel, a subgroup of the Lazarus nation-state threat actor that’s publicly tracked by the broader cybersecurity community using the monikers Operation Troy, Silent Chollima, and Stonefly.
