North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
Researchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame.
Ethnic Koreans living in the Yanbian region of China were targeted by a sophisticated North Korean hacking group with a strain of malware attached to a popular Android mobile game.
The backdoor, named BirdCall by the researchers, allowed APT37 to take screenshots, record calls, steal personal data and more. The Yanbian region of China is on the border with North Korea and is often referred to as “Third Korea.” ESET researchers said the campaign was likely aimed at refugees or defectors from the North Korean regime.
Source: https://therecord.media/north-korean-hackers-target-ethnic-koreans-in-china
Related breach coverage
- Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia (2026-05-08)
Researchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination.
- New Deep#Door RAT uses stealth and persistence to target Windows (2026-05-02)
Deep#Door hides a Python RAT inside a batch file, kills Windows defenses, survives via multiple persistence methods, and exfiltrates data through a public TCP tunnel. Security researchers at Securonix uncovered a sophisticated malware campaign called Deep#Door. Threat actors employed a stealthy Python-based backdoor that uses a surprisingly simple delivery method to achieve deep, persistent access […]
- Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking (2026-05-07)
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was.
- Iranian cyber espionage disguised as a Chaos Ransomware attack (2026-05-06)
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended […]
