Hackers Target Defense Contractors' Employees By Posing as Recruiters
Dubbed 'BLINDINGCAN,' the advanced remote access trojan acts as a backdoor when installed on compromised computers.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies.
According to the FBI and CISA, North Korean state-sponsored hackers Lazarus Group, also known as Hidden Cobra, are spreading BLINDINGCAN to "gather intelligence surrounding key military and energy technologies."
To achieve this, attackers first identify high-value targets, perform extensive research on their social and professional networks, and then pose as recruiters to send malicious documents loaded with the malware, masquerading as job advertisements and offerings.
The CISA report says that attackers are remotely controlling BLINDINGCAN malware through compromised infrastructure from multiple countries, allowing them to:
- Retrieve information about all installed disks, including the disk type and the amount of free space on the disk
- Create, start, and terminate a new process and its primary thread
- Search, read, write, move, and execute files
- Get and modify file or directory timestamps
- Change the current directory for a process or file
- Delete malware and artifacts associated with the malware from the infected system.
Cybersecurity companies Trend Micro and ClearSky also documented this campaign in a detailed report explaining the whole methodology and concept of the attack.
Click here to read the full article at Thehackernews.com
North Korean Hackers Posing as Recruiters Target Defence Contractors' Employees With BLINDINGCAN Malware
