North Korean state-sponsored hackers attributed to APT37 have targeted ethnic Koreans in China with an Android malware campaign. The attackers distributed a backdoor embedded in a suite of card games developed by Sqgame, giving them unauthorized access to any device on which the games were installed. The campaign illustrates a shift in the threat landscape: state-aligned activity involving China is increasingly driven by geopolitical motives rather than financial gain. Delivering the "BirdCall" Android trojan inside an ordinary-looking game shows how the operators tailor social-engineering lures to their targets and evade detection. Attribution to APT37 points to a well-resourced, state-backed operation [1]. For cybersecurity practitioners, the campaign underscores the need for a distinct threat model that accounts for the characteristics of state-sponsored attacks, rather than relying on defenses built around financially motivated crime.
North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
⚠️ Critical Alert
Why This Matters
State-aligned activity targeting a diaspora community in China shifts the threat model from criminal to geopolitical: the adversary's objective is access to specific people rather than money, so a different defensive playbook is required.
References
- The Record. (2026, May 7). North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware. The Record Cyber. https://therecord.media/north-korean-hackers-target-ethnic-koreans-in-china