North Korea has been deploying new malware as part of a spear-phishing campaign against U.S. and European media and technology organizations. The campaign, active since June 2022, resembles an earlier North Korean cyberattack operation known as "Dream Job." UNC2970 is the new name for the North Korean group formerly tracked as UNC577 (aka Temp.Hermit). The same group is also responsible for the UNC4034 operation, documented by Mandiant in September 2022, which used WhatsApp to trick targets into downloading a backdoor called AIRDRY.V2.
The North Korean group known as Temp.Hermit is one of the primary hacking units associated with North Korea's Reconnaissance General Bureau (RGB) alongside Andariel and APT38 (aka BlueNoroff). All three of these groups are collectively referred to as the Lazarus Group (aka Hidden Cobra or Zinc).