Researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility in an attempt to backdoor the network of organizations they want to spy on.
Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident caused the employer to become infected with a backdoor tracked by researchers as Airdry.v2. The file was transmitted by a group Mandiant tracks as UNC4034.
“Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North Korean nexus,” company researchers wrote. “The AIRDRY.V2 C2 URLs belong to compromised website infrastructure previously leveraged by these groups and reported in several OSINT sources.”
The threat actors posed as recruiters offering the employee a job at Amazon. They sent the target a WhatsApp message carrying a file named amazon_assessment.iso. ISO files have been used increasingly in recent months to infect Windows machines because, by default, double-clicking one mounts it as a virtual drive. Among other things, the image contained an executable file titled PuTTY.exe.
PuTTY is an open source secure shell and telnet application. Secure versions of it are signed by the official developer. The version sent in the WhatsApp message was not signed.
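The two properties described above (a genuine PuTTY build carries the developer's Authenticode signature, and a double-clicked ISO mounts as a drive) can be checked on an endpoint. The script below is an added example, not code from the article or from Mandiant; the expected signer name and the drive-type check are assumptions to verify against a known-good copy.

```powershell
# Added example (not from the article): flag a PuTTY.exe that is unsigned, signed by an
# unexpected publisher, or being run straight from a mounted image volume.
# Assumption: the genuine release signer's certificate subject contains "Simon Tatham";
# confirm $ExpectedSigner against a copy downloaded from the official site.
function Test-PuttyBinary {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSigner = 'Simon Tatham'   # assumed publisher name; verify locally
    )
    $fullPath = (Resolve-Path -LiteralPath $Path).Path
    $findings = @()

    # Signature check: the trojanized copy in the article was not signed at all.
    $sig = Get-AuthenticodeSignature -FilePath $fullPath
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode status is '$($sig.Status)' (genuine PuTTY is signed)"
    } elseif ($sig.SignerCertificate.Subject -notmatch [regex]::Escape($ExpectedSigner)) {
        $findings += "Signed, but by an unexpected subject: $($sig.SignerCertificate.Subject)"
    }

    # Location check: a file executed from a double-clicked ISO lives on a virtual
    # optical drive, which .NET reports as DriveType CDRom.
    $root = [System.IO.Path]::GetPathRoot($fullPath)
    $drive = [System.IO.DriveInfo]::new($root)
    if ($drive.DriveType -eq 'CDRom') {
        $findings += "Located on a mounted image / optical volume ($root)"
    }

    [pscustomobject]@{
        Path       = $fullPath
        Signer     = $sig.SignerCertificate.Subject
        Status     = $sig.Status
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

# Usage: Test-PuttyBinary -Path 'D:\PuTTY.exe'
# For a stronger check, also compare (Get-FileHash $Path).Hash with the hash published
# alongside the official release.
```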
The executable file installed the latest version of Airdry, a backdoor the US government has attributed to the North Korean government. The US Cybersecurity and Infrastructure Security Agency has a description here. Japan’s community emergency response team has this description of the backdoor, which is also tracked as BLINDINGCAN.