Η CISA posted a warning about a new one malware, BLINDINGCAN, used by North Korean hackers.
This new malware was detected in targeted attacks American and foreign companies, operating in its field military defense and aerospace. These attacks have also been reported in her reports McAfee and ClearSky.
In all the attacks, the North Korean hackers appeared as recruiters of large companies, in order to reach employees in the desired Companies.
The final payload in these attacks is the focus of CISA alert. This is a remote access trojan (RAT), which CISA calls BLINDINGCAN (in the ClearSky report is called DRATzarus).
CISA experts say North Korean hackers used malware to gain access to victims' systems and gather information on key military and energy technologies.
This was possible through the advanced capabilities of BLINDINGCAN, which allow the following:
- Retrieve information about all installed disks, including disk type and free disk space
- Get operating system (OS) version information
- Get information about the processor
- Get a system name
- Get information about your local IP address
- Obtaining the MAC (media access control) address of the victims
- Create, start and end a new process
- Search, read, write, move and run files
- Modify files
- Remove malware from the infected system
The CISA notice includes indicators violation and other technical details that can help system administrators and security professionals scan their networks for signs of infection.
Is 35th time the US government issued a security warning for malicious activity of North Korean hackers. As of May 12, 2017, CISA has published reports of 31 malware by these hackers.
The government hackers North Korea is one of the most frequent threats which have targeted the US in recent years, along with Chinese, Iranian and Russian hacking groups.
In a report published last month, The U.S. military has revealed that many of North Korea's hackers act from abroad and not just from their country.