Security News > 2020 > August > U.S. Details North Korean Malware Used in Attacks on Defense Organizations
The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have shared details on a piece of malware North Korean threat actors likely used in attacks targeting employees of defense organizations in Israel and other countries.
Dubbed BLINDINGCAN, the malware was apparently used in "Dream Job," a campaign active since the beginning of this year, which hit dozens of defense and governmental companies in Israel and globally by targeting specific employees with highly appealing job offerings.
Over the past couple of years, the United States Cyber Command has shared various malware samples associated with the group, but only a malware analysis report has been published for the BLINDINGCAN remote access Trojan.
The report reveals that the HIDDEN COBRA actors "are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation." Moreover, the FBI and CISA reveal that North Korean hackers have been observed targeting government contractors this year to harvest data on military and energy technologies.
"The malicious documents employed in this campaign used job postings from leading defense contractors as lures and installed a data gathering implant on a victim's system. This campaign utilized compromised infrastructure from multiple countries to host its command and control infrastructure and distribute implants to a victim's system," the report reads.