"DPRK's APT37 Targets Cambodia With Khmer, 'VeilShell' Backdoor"

The North Korean state-sponsored threat actor known as "APT37" is spreading a new backdoor named "VeilShell." Most North Korean Advanced Persistent Threats (APTs) target South Korean or Japanese organizations, but APT37's latest campaign appears to target Cambodia, a country Kim Jong-Un has more complicated relations with. According to Securonix, APT37 has been sending malicious emails in the Khmer language about Cambodian affairs to attract victims. One lure appears to provide recipients with a spreadsheet related to annual income in US dollars across different sectors, such as social work, education, health, and more. This article continues to discuss the APT37's targeting of Cambodia to spread the VeilShell backdoor.

Dark Reading reports "DPRK's APT37 Targets Cambodia With Khmer, 'VeilShell' Backdoor"

Submitted by grigby1

Submitted by Gregory Rigby on