Security News > 2020 > August > U.S. Details North Korean Malware Used in Attacks on Defense Organizations
The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have shared details on a piece of malware North Korean threat actors likely used in attacks targeting employees of defense organizations in Israel and other countries.
Dubbed BLINDINGCAN, the malware was apparently used in "Dream Job," a campaign active since the beginning of this year, which hit dozens of defense and governmental companies in Israel and globally by targeting specific employees with highly appealing job offerings.
Over the past couple of years, the United States Cyber Command has shared various malware samples associated with the group, but only a malware analysis report has been published for the BLINDINGCAN remote access Trojan.
The report reveals that the HIDDEN COBRA actors "Are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation." Moreover, the FBI and CISA reveal that North Korean hackers have been observed targeting government contractors this year, to harvest data on military and energy technologies.
"The malicious documents employed in this campaign used job postings from leading defense contractors as lures and installed a data gathering implant on a victim's system. This campaign utilized compromised infrastructure from multiple countries to host its command and control infrastructure and distribute implants to a victim's system," the report reads.
News URL
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (source)
- New BunnyLoader Malware Variant Surfaces with Modular Attack Features (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)
- New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs (source)
- Strengthening defenses against nation-state and for-profit cyber attacks (source)
- The Biggest Takeaways from Recent Malware Attacks (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)