Hidden Cobra, an APT group associated with the government of North Korea, is thought to be behind the campaign.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report on BLINDINGCAN, a new remote-access Trojan variant used by North Korean threat actors. According to the report, the FBI has high confidence that Hidden Cobra, an APT group known to be associated with the government of North Korea, is using BLINDINGCAN to establish a presence on networks and exfiltrate data.
CISA says Hidden Cobra targeted government contractors earlier this year in an attempt to gather intelligence surrounding key military and energy technologies. The documents used in the campaign featured job postings from defense contractors as lures and, when opened, installed BLINDINGCAN on the victims' systems.
The report recommends organizations follow best practices regarding malicious email messages to avoid being infected by the malware.
Read more here.
About the Author(s)
You May Also Like
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024