{"id":127797,"date":"2025-09-27T00:13:46","date_gmt":"2025-09-26T18:43:46","guid":{"rendered":"https:\/\/www.techworm.net\/?p=127797"},"modified":"2025-09-27T00:13:46","modified_gmt":"2025-09-26T18:43:46","slug":"north-korean-hackers-deploy-new-akdoortea-backdoor","status":"publish","type":"post","link":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html","title":{"rendered":"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor"},"content":{"rendered":"<p>North Korean hackers are intensifying their global campaign against cryptocurrency and Web3 developers, using a new backdoor called <em data-start=\"359\" data-end=\"370\">AkdoorTea<\/em> to infiltrate victims\u2019 systems, according to a fresh research from Slovak cybersecurity firm ESET.<\/p>\n<p>The operation, tracked under the name <em>DeceptiveDevelopment<\/em>, overlaps with campaigns known as<em> Contagious Interview<\/em>, <em>DEV#POPPER<\/em>, and <em>Void Dokkaebi<\/em>.<\/p>\n<p>The attackers primarily target software developers across Windows, Linux, and macOS environments by impersonating recruiters on job-hunting platforms such as LinkedIn, Upwork, Freelancer, and Crypto Jobs List, and lure them into downloading malware-laced projects.<\/p>\n<p>&#8220;DeceptiveDevelopment&#8217;s toolset is mostly multi-platform and consists of initial obfuscated malicious scripts in Python and JavaScript, basic backdoors in Python and Go, and a dark web project in .NET,&#8221; ESET researchers Peter K\u00e1lnai and Mat?j Havr\u00e1nek\u00a0<a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/deceptivedevelopment-from-primitive-crypto-theft-to-sophisticated-ai-based-deception\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\" data-wpel-link=\"external\">wrote<\/a> in a report published on Thursday.<\/p>\n<p><strong>How The Scam Works <\/strong><strong>\u00a0<\/strong><\/p>\n<p>The attackers impersonate recruiters offering fake, lucrative job opportunities to attract their targets\u2019 interest. Once a target shows interest in a fake job offer, they are directed to complete the following challenges:<\/p>\n<p><strong>Coding Assignments<\/strong> \u2013 cloning trojanized GitHub projects that secretly install malware.<\/p>\n<p><strong>Video Assessments<\/strong> \u2013 fake interview sites that display fake camera or microphone errors and prompt victims to run terminal commands (the \u201cClickFix\u201d technique).<\/p>\n<p>The hackers\u2019 toolkit includes information-stealing malware:<\/p>\n<ul>\n<li data-start=\"1262\" data-end=\"1389\"><strong data-start=\"1262\" data-end=\"1310\">BeaverTail, InvisibleFerret, and WeaselStore<\/strong> \u2013 information-stealing malware capable of exfiltrating data from cryptocurrency wallets, keychains, and saved browser logins.<\/li>\n<li><strong>TsunamiKit<\/strong> \u2013 a multi-stage toolkit that sets persistence, deploys .NET spyware, and installs crypto miners like XMRig and NBMiner.<\/li>\n<li data-start=\"1666\" data-end=\"1820\"><strong data-start=\"1666\" data-end=\"1679\">Tropidoor and PostNapTea<\/strong> \u2013 sophisticated remote access trojans linked to Lazarus operations, with capabilities like screen capturing, system reconnaissance, and file manipulation.<\/li>\n<li data-start=\"1666\" data-end=\"1820\"><strong data-start=\"1666\" data-end=\"1679\">AkdoorTea<\/strong> \u2013 the latest payload, hidden inside a file disguised as an NVIDIA driver update, enabling remote control after launching via BeaverTail.<\/li>\n<\/ul>\n<p><strong>Hybrid Threat Model<\/strong><strong>\u00a0<\/strong><\/p>\n<p>ESET points out that the campaign is tied to North Korea\u2019s covert IT worker scheme, known as <em>WageMole<\/em>. In this operation, workers use stolen or AI-generated identities to secure remote jobs, even relying on real-time face-swapping tools during video interviews. Information stolen through malware campaigns is then recycled to make these fraudulent employment schemes more effective.<\/p>\n<p><strong>Implications<\/strong><\/p>\n<p>ESET researchers note that <em data-start=\"3481\" data-end=\"3503\">DeceptiveDevelopment<\/em> depends less on technical sophistication and more on creative social engineering and the reuse of dark web tooling.<\/p>\n<p>\u201cDespite often lacking technical sophistication, the group compensates through scale and creative social engineering. Its campaigns demonstrate a pragmatic approach, exploiting open-source tooling, reusing available dark web projects, adapting malware probably rented from other North Korea-aligned groups, and leveraging human vulnerabilities through fake job offers and interview platforms,\u201d ESET researchers added.<\/p>\n<p>\u201cThe activities of North Korean IT workers constitute a hybrid threat. This fraud-for-hire scheme combines classical criminal operations, such as identity theft and synthetic identity fraud, with digital tools, which classify it as both a traditional crime and a cybercrime (or e-crime).&#8221;<\/p>\n<p><strong>A Dual Threat: Malware And Fraudulent Hiring<\/strong><\/p>\n<p>Experts warn that North Korea\u2019s hackers are combining malware-driven crypto theft with fraudulent IT hiring, underscoring the blurred lines between state-sponsored espionage and organized cybercrime. This creates a hybrid threat that puts both developers and employers at risk.<\/p>\n<p>Job seekers risk system compromise, while companies risk unknowingly hiring sanctioned North Korean operatives who may later become insider threats &#8211; highlighting the urgent need for stronger hiring checks and more vigilant cybersecurity defenses.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>North Korean hackers are intensifying their global campaign against cryptocurrency and Web3 developers, using a new backdoor called AkdoorTea to infiltrate victims\u2019 systems, according to a fresh research from Slovak cybersecurity firm ESET. The operation, tracked under the name DeceptiveDevelopment, overlaps with campaigns known as Contagious Interview, DEV#POPPER, and Void Dokkaebi. The attackers primarily target [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":127799,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15724,48520,3141],"tags":[64507,63935,63930,2333,64509,63030,63032,63936,545,9855,6772,10726,64515,64513,64514,64512,64510,64511,64508],"class_list":{"0":"post-127797","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cryptocurrency","8":"category-cyber-security","9":"category-news","10":"tag-akdoortea","11":"tag-beavertail","12":"tag-contagious-interview","13":"tag-cryptocurrency","14":"tag-deceptivedevelopment","15":"tag-devpopper","16":"tag-fake-job-offer","17":"tag-invisibleferret","18":"tag-linux-2","19":"tag-macos","20":"tag-malware","21":"tag-north-korean-hackers","22":"tag-north-korean-it-workers","23":"tag-postnaptea","24":"tag-tropidoor","25":"tag-tsunamikit","26":"tag-void-dokkaebi","27":"tag-weaselstore","28":"tag-web3-developers"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor &#187; TechWorm<\/title>\n<meta name=\"description\" content=\"North Korean hackers are stepping up their attacks on cryptocurrency and Web3 developers with a new backdoor called AkdoorTea.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor\" \/>\n<meta property=\"og:description\" content=\"North Korean hackers are intensifying their global campaign against cryptocurrency and Web3 developers, using a new backdoor called AkdoorTea to\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html\" \/>\n<meta property=\"og:site_name\" content=\"TechWorm\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techworm.in\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/techbug9\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-26T18:43:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kavita Iyer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Purplemoonkavs\" \/>\n<meta name=\"twitter:site\" content=\"@Techworm_in\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html\"},\"author\":{\"name\":\"Kavita Iyer\",\"@id\":\"https:\/\/www.techworm.net\/#\/schema\/person\/0bad644d3627b673312e064f7343640a\"},\"headline\":\"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor\",\"datePublished\":\"2025-09-26T18:43:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html\"},\"wordCount\":550,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techworm.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg\",\"keywords\":[\"AkdoorTea\",\"BeaverTail\",\"Contagious Interview\",\"cryptocurrency\",\"DeceptiveDevelopment\",\"DEV#POPPER\",\"Fake job offer\",\"InvisibleFerret\",\"Linux\",\"MacOS\",\"Malware\",\"North Korean hackers\",\"North Korean IT workers\",\"PostNapTea\",\"Tropidoor\",\"TsunamiKit\",\"Void Dokkaebi\",\"WeaselStore\",\"Web3 developers\"],\"articleSection\":[\"Cryptocurrency\",\"Cyber Security\",\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\/\/www.techworm.net\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html\",\"url\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html\",\"name\":\"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor &#187; TechWorm\",\"isPartOf\":{\"@id\":\"https:\/\/www.techworm.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg\",\"datePublished\":\"2025-09-26T18:43:46+00:00\",\"description\":\"North Korean hackers are stepping up their attacks on cryptocurrency and Web3 developers with a new backdoor called AkdoorTea.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#primaryimage\",\"url\":\"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg\",\"contentUrl\":\"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg\",\"width\":1200,\"height\":675,\"caption\":\"North Korean deploys backdoor Akdoortea\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techworm.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"News\",\"item\":\"https:\/\/www.techworm.net\/category\/news\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techworm.net\/#website\",\"url\":\"https:\/\/www.techworm.net\/\",\"name\":\"TechWorm\",\"description\":\"The Tech Hub\",\"publisher\":{\"@id\":\"https:\/\/www.techworm.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techworm.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techworm.net\/#organization\",\"name\":\"Techworm\",\"url\":\"https:\/\/www.techworm.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techworm.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techworm.net\/wp-content\/uploads\/2019\/12\/TECHWORM-FOOTER-LOGO.png\",\"contentUrl\":\"https:\/\/www.techworm.net\/wp-content\/uploads\/2019\/12\/TECHWORM-FOOTER-LOGO.png\",\"width\":300,\"height\":64,\"caption\":\"Techworm\"},\"image\":{\"@id\":\"https:\/\/www.techworm.net\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techworm.in\",\"https:\/\/x.com\/Techworm_in\",\"https:\/\/www.instagram.com\/techworm_in\/\",\"https:\/\/www.linkedin.com\/company\/9221219\",\"https:\/\/www.youtube.com\/channel\/UCpa9W_3YE1c9Iu4j2ifxzsg\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techworm.net\/#\/schema\/person\/0bad644d3627b673312e064f7343640a\",\"name\":\"Kavita Iyer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/5b0dce85b2cf49a0bb24826eb3d6315cd1f8f75a202563ba2d1985358c134ff7?s=96&d=wavatar&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5b0dce85b2cf49a0bb24826eb3d6315cd1f8f75a202563ba2d1985358c134ff7?s=96&d=wavatar&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5b0dce85b2cf49a0bb24826eb3d6315cd1f8f75a202563ba2d1985358c134ff7?s=96&d=wavatar&r=g\",\"caption\":\"Kavita Iyer\"},\"description\":\"An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!\",\"sameAs\":[\"https:\/\/www.techworm.net\",\"https:\/\/www.facebook.com\/techbug9\",\"https:\/\/x.com\/Purplemoonkavs\"],\"url\":\"https:\/\/www.techworm.net\/author\/kavita-iyer\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor &#187; TechWorm","description":"North Korean hackers are stepping up their attacks on cryptocurrency and Web3 developers with a new backdoor called AkdoorTea.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html","og_locale":"en_US","og_type":"article","og_title":"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor","og_description":"North Korean hackers are intensifying their global campaign against cryptocurrency and Web3 developers, using a new backdoor called AkdoorTea to","og_url":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html","og_site_name":"TechWorm","article_publisher":"https:\/\/www.facebook.com\/techworm.in","article_author":"https:\/\/www.facebook.com\/techbug9","article_published_time":"2025-09-26T18:43:46+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg","type":"image\/jpeg"}],"author":"Kavita Iyer","twitter_card":"summary_large_image","twitter_creator":"@Purplemoonkavs","twitter_site":"@Techworm_in","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#article","isPartOf":{"@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html"},"author":{"name":"Kavita Iyer","@id":"https:\/\/www.techworm.net\/#\/schema\/person\/0bad644d3627b673312e064f7343640a"},"headline":"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor","datePublished":"2025-09-26T18:43:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html"},"wordCount":550,"commentCount":0,"publisher":{"@id":"https:\/\/www.techworm.net\/#organization"},"image":{"@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#primaryimage"},"thumbnailUrl":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg","keywords":["AkdoorTea","BeaverTail","Contagious Interview","cryptocurrency","DeceptiveDevelopment","DEV#POPPER","Fake job offer","InvisibleFerret","Linux","MacOS","Malware","North Korean hackers","North Korean IT workers","PostNapTea","Tropidoor","TsunamiKit","Void Dokkaebi","WeaselStore","Web3 developers"],"articleSection":["Cryptocurrency","Cyber Security","News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/www.techworm.net\/#organization"}},{"@type":"WebPage","@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html","url":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html","name":"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor &#187; TechWorm","isPartOf":{"@id":"https:\/\/www.techworm.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#primaryimage"},"image":{"@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#primaryimage"},"thumbnailUrl":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg","datePublished":"2025-09-26T18:43:46+00:00","description":"North Korean hackers are stepping up their attacks on cryptocurrency and Web3 developers with a new backdoor called AkdoorTea.","breadcrumb":{"@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#primaryimage","url":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg","contentUrl":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg","width":1200,"height":675,"caption":"North Korean deploys backdoor Akdoortea"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techworm.net\/2025\/09\/north-korean-hackers-deploy-new-akdoortea-backdoor.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techworm.net\/"},{"@type":"ListItem","position":2,"name":"News","item":"https:\/\/www.techworm.net\/category\/news"},{"@type":"ListItem","position":3,"name":"North Korean Hackers Deploy New \u201cAkdoorTea\u201d Backdoor"}]},{"@type":"WebSite","@id":"https:\/\/www.techworm.net\/#website","url":"https:\/\/www.techworm.net\/","name":"TechWorm","description":"The Tech Hub","publisher":{"@id":"https:\/\/www.techworm.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techworm.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techworm.net\/#organization","name":"Techworm","url":"https:\/\/www.techworm.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techworm.net\/#\/schema\/logo\/image\/","url":"https:\/\/www.techworm.net\/wp-content\/uploads\/2019\/12\/TECHWORM-FOOTER-LOGO.png","contentUrl":"https:\/\/www.techworm.net\/wp-content\/uploads\/2019\/12\/TECHWORM-FOOTER-LOGO.png","width":300,"height":64,"caption":"Techworm"},"image":{"@id":"https:\/\/www.techworm.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techworm.in","https:\/\/x.com\/Techworm_in","https:\/\/www.instagram.com\/techworm_in\/","https:\/\/www.linkedin.com\/company\/9221219","https:\/\/www.youtube.com\/channel\/UCpa9W_3YE1c9Iu4j2ifxzsg"]},{"@type":"Person","@id":"https:\/\/www.techworm.net\/#\/schema\/person\/0bad644d3627b673312e064f7343640a","name":"Kavita Iyer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5b0dce85b2cf49a0bb24826eb3d6315cd1f8f75a202563ba2d1985358c134ff7?s=96&d=wavatar&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5b0dce85b2cf49a0bb24826eb3d6315cd1f8f75a202563ba2d1985358c134ff7?s=96&d=wavatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5b0dce85b2cf49a0bb24826eb3d6315cd1f8f75a202563ba2d1985358c134ff7?s=96&d=wavatar&r=g","caption":"Kavita Iyer"},"description":"An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!","sameAs":["https:\/\/www.techworm.net","https:\/\/www.facebook.com\/techbug9","https:\/\/x.com\/Purplemoonkavs"],"url":"https:\/\/www.techworm.net\/author\/kavita-iyer"}]}},"jetpack_featured_media_url":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/09\/northkorean-hackers-backdoor-cover.jpg","_links":{"self":[{"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/posts\/127797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/comments?post=127797"}],"version-history":[{"count":0,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/posts\/127797\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/media\/127799"}],"wp:attachment":[{"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/media?parent=127797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/categories?post=127797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/tags?post=127797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}