North Korean BLUELIGHT Special: InkySquid Deploys RokRAT
Contents
North Korean BLUELIGHT Special: InkySquid Deploys RokRAT
August 24, 2021
In a recent blog post, Volexity disclosed details on a portion of the operations by a North Korean threat actor it tracks as InkySquid. This threat actor compromised a news portal to use recently patched browser exploits to deliver a custom malware family known as BLUELIGHT.
This follow-up post describes findings from a recent investigation undertaken by Volexity in which the BLUELIGHT malware was discovered being delivered to a victim alongside RokRAT (aka DOGCALL). RokRAT is a backdoor previously attributed to use by ScarCruft/APT37, which is also known as InkySquid. It should be noted that Volexity identified some overlap between the findings discussed in this post and this Korean-language article.
Analysis
Volexity is often asked to analyze systems of users frequently targeted by state-sponsored threat actors based on some tip-off or concern that the systems may be compromised. In this case, it was a system …
August 24, 2021
In a recent blog post, Volexity disclosed details on a portion of the operations by a North Korean threat actor it tracks as InkySquid. This threat actor compromised a news portal to use recently patched browser exploits to deliver a custom malware family known as BLUELIGHT.
This follow-up post describes findings from a recent investigation undertaken by Volexity in which the BLUELIGHT malware was discovered being delivered to a victim alongside RokRAT (aka DOGCALL). RokRAT is a backdoor previously attributed to use by ScarCruft/APT37, which is also known as InkySquid. It should be noted that Volexity identified some overlap between the findings discussed in this post and this Korean-language article.
Analysis
Volexity is often asked to analyze systems of users frequently targeted by state-sponsored threat actors based on some tip-off or concern that the systems may be compromised. In this case, it was a system …