Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CISA’s MAR warns of North Korean BLINDINGCAN RAT

US CISA published an alert related to a new North Korean malware, dubbed BLINDINGCAN, used in attacks on the US defense and aerospace sectors. The US Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) that includes technical details about a new strain of malware, tracked as BLINDINGCAN, that was attributed […]

BlueNoroff lazarus APT

US CISA published an alert related to a new North Korean malware, dubbed BLINDINGCAN, used in attacks on the US defense and aerospace sectors.

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) that includes technical details about a new strain of malware, tracked as BLINDINGCAN, that was attributed to North Korea.

According to the government experts, the BLINDINGCAN malware was employed in attacks aimed at US and foreign companies operating in the military defense and aerospace sectors.

Some of the attacks were attributed by the researchers to cyber espionage campaigns tracked as Operation North Star and Operation Dream Job.

The attack chain is similar to the one used in past campaigns, threat actors pose as recruiters at big corporations to establish contact with employees at the target organizations. The attackers use job offerings from prominent defense and aerospace entities as bait to trick victims into opening weaponized Office or PDF documents that are used to deploy malware on the victim’s computers.

According to the CISA alert, the attackers used the above technique to deliver the BLINDINGCAN  remote access trojan (RAT) (aka DRATzarus) and access the victim’s system for reconnaissance purpose.

“FBI has high confidence that HIDDEN COBRA actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. A threat group with a nexus to North Korea targeted government contractors early this year to gather intelligence surrounding key military and energy technologies.” reads the CISA’s MAR report. “The malicious documents employed in this campaign used job postings from leading defense contractors as lures and installed a data gathering implant on a victim’s system.”

The BLINDINGCAN RAT implements the following built-in functions-:

  • Retrieve information about all installed disks, including the disk type and the amount of free space on the disk
  • Get operating system (OS) version information
  • Get Processor information
  • Get system name
  • Get local IP address information
  • Get the victim’s media access control (MAC) address.
  • Create, start, and terminate a new process and its primary thread
  • Search, read, write, move, and execute files
  • Get and modify file or directory timestamps
  • Change the current directory for a process or file
  • Delete malware and artifacts associated with the malware from the infected system

The CISA MAR also includes indicators of compromise (IoCs), Yara rules, and other technical info that could be used by system administrators to discover compromise systems within their networks.

In April, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released a joint advisory that is warning organizations worldwide about the ‘significant cyber threat’ posed by the North Korean nation-state actors to the global banking and financial institutions.

The advisory contains comprehensive resources on the North Korean cyber
threat that aims at helping the international community, industries, and other governments to protect their infrastructure from state-sponsored attacks. The document also includes a list of recent attacks attributed to North Korean state-sponsored hackers.

The U.S. government is also offering a monetary reward of up to $5 million to anyone who can provide ‘information about the activities carried out by North Korea-linked APT groups. The offer also includes information about past hacking campaigns.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BLINDINGCAN)

[adrotate banner=”5″]

[adrotate banner=”13″]