Friday, October 23, 02:32

BLINDINGCAN: CISA warns of new North Korean malware


CISA has posted a warning about a new malware, BLINDINGCAN, used by North Korean hackers.

This new malware was detected in targeted attacks against American and foreign companies operating in the military defense and aerospace sectors. These attacks have also been documented in reports by McAfee and ClearSky.

In all the attacks, the North Korean hackers posed as recruiters from large companies in order to reach employees at the targeted companies.

The targeted employees were asked to go through an interview process, during which they received malicious Office or PDF documents that the North Korean hackers used to install malware on the victims' computers.

The final payload in these attacks is the focus of the CISA alert. It is a remote access trojan (RAT) that CISA calls BLINDINGCAN (the ClearSky report calls it DRATzarus).

North Korean malware

CISA experts say North Korean hackers used malware to gain access to victims' systems and gather information on key military and energy technologies.

This was possible through the advanced capabilities of BLINDINGCAN, which allow the following:

  • Retrieve information about all installed disks, including disk type and free disk space
  • Get operating system (OS) version information
  • Get information about the processor
  • Get the system name
  • Get local IP address information
  • Get the victim's MAC (media access control) address
  • Create, start and end a new process
  • Search, read, write, move and run files
  • Modify files
  • Remove the malware from the infected system

The CISA notice includes indicators of compromise and other technical details that can help system administrators and security professionals scan their networks for signs of infection.

This is the 35th time the US government has issued a security warning about malicious activity by North Korean hackers. Since May 12, 2017, CISA has published reports on 31 pieces of malware used by these hackers.

North Korea's government hackers are one of the most frequent threats to have targeted the US in recent years, along with Chinese, Iranian and Russian hacking groups.

In April, the US State Department intensified its efforts to deter North Korean attacks by creating a $5 million rewards program for any information about these hackers and their activities.

In a report published last month, the U.S. military revealed that many of North Korea's hackers operate from abroad and not just from their own country.



Digital Fortress