Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

2022-11-30 ESET

https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/

ESET identified Dolphin, a previously undocumented ScarCruft/APT37 backdoor deployed only to selected victims after an earlier-stage compromise. The 2021 attack chain used a watering-hole compromise of a South Korean online newspaper, an Internet Explorer exploit, shellcode, and the BLUELIGHT backdoor before Dolphin was delivered manually. Dolphin uses Google Drive for command-and-control and supports drive and portable-device reconnaissance, file exfiltration, keylogging, screenshots, browser credential theft, and, in earlier versions, manipulation of Google/Gmail account security settings. The report matters because it shows ScarCruft reserving its more capable espionage tooling for high-value South Korean and North Korea-related targets after triaging initial victims.

Indicators of Compromise

Type  Value                              First Seen  Last Seen
HASH  d9a369e328ea4f1b8304b6e11b50275…  2022-11-30  2022-11-30
HASH  2c6cc71b7e7e4b28c2c176b504bc5bd…  2022-11-30  2022-11-30
HASH  5b70453ab58824a65ed0b6175c903aa…  2022-11-30  2022-11-30
HASH  21ca0287ec5eaee8fb2f5d0542e3782…  2022-11-30  2022-11-30
HASH  f9f6c0184cee9c1e4e15c2a73e56d7b…  2022-11-30  2022-11-30
