Shout-out to whoever went to Black Hat and had North Korean malware on their PC
2022-08-25 09:24

The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents.

Of course, not all of the malware detected at Black Hat is intended to infect devices and perform nefarious acts - some of it stems from simulated attacks in classrooms and on the show floor.

IronNet's hunters - Peter Rydzynski, Austin Tippett, Blake Cahen, Michael Leardi, Keith Li, and Jeremy Miller - said they did uncover "several" active malware infections on the network, including Shlayer, North Korean-attributed SHARPEXT, and NetSupport RAT. Let's start with the code that has ties to the Supreme Leader himself.

"During the conference, we observed numerous callouts from four unique hosts to three domains associated with the North Korean malware SHARPEXT," the threat hunters documented.

"Given North Korean threat actors' demonstrated interest in compromising security researchers over the past two years, our observation of the North Korean SHARPEXT malware on the Black Hat network is notable in itself due to its use by so many cyber researchers and security employees," according to IronNet's team.

[Figure: Shlayer malware download]

In addition to SHARPEXT, the NOC also observed a Shlayer malware infection that had fully compromised a victim's computer, we're told.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/25/north_korean_malware_black_hat/