#BLINDINGCAN
ailtrahq · 1 year
Text
North Korean hacking collective Lazarus Group has been using a new type of “sophisticated” malware as part of its fake employment scams — which researchers warn is far more challenging to detect than its predecessor.
According to a Sept. 29 post from ESET’s senior malware researcher Peter Kálnai, while analyzing a recent fake job attack against a Spain-based aerospace firm, ESET researchers discovered a publicly undocumented backdoor named LightlessCan.
#ESET researchers unveiled their findings about an attack by the North Korea-linked #APT group #Lazarus that took aim at an aerospace company in Spain. ▶️ Find out more in a #WeekinSecurity video with @TonyAtESET. pic.twitter.com/M94J200VQx — ESET (@ESET) September 29, 2023
The Lazarus Group’s fake job scam typically involves tricking victims with a potential offer of employment at a well-known firm. The attackers would entice victims to download a malicious payload masquerading as documents to do all sorts of damage.
However, Kálnai says the new LightlessCan payload is a “significant advancement” compared to its predecessor BlindingCan.
“LightlessCan mimics the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions.”
“This approach offers a significant advantage in terms of stealthiness, both in evading real-time monitoring solutions like EDRs, and postmortem digital forensic tools,” he said.
Beware of fake LinkedIn recruiters! Find out how Lazarus group exploited a Spanish aerospace company via trojanized coding challenge. Dive into the details of their cyberespionage campaign in our latest #WeLiveSecurity article. #ESET #ProgressProtected — ESET (@ESET) September 29, 2023
The new payload also uses what the researcher calls “execution guardrails” — ensuring that the payload can only be decrypted on the intended victim’s machine, thereby avoiding unintended decryption by security researchers.
Kálnai said that one case that involved the new malware came from an attack on a Spanish aerospace firm when an employee received a message from a fake Meta recruiter named Steve Dawson in 2022.
Soon after, the hackers sent over the two simple coding challenges embedded with the malware.
The initial contact by the attacker impersonating a recruiter from Meta. Source: WeLiveSecurity.
Cyberespionage was the main motivation behind Lazarus Group’s attack on the Spain-based aerospace firm, he added.
Since 2016, North Korean hackers have stolen an estimated $3.5 billion from cryptocurrency projects, according to a Sept. 14 report by blockchain forensics firm Chainalysis.
In September 2022, cybersecurity firm SentinelOne warned of a fake job scam on LinkedIn, offering potential victims a job at Crypto.com as part of a campaign dubbed “Operation Dream Job.”
Meanwhile, the United Nations has been trying to curtail North Korea’s cybercrime tactics at the international level — as it is understood North Korea is using the stolen funds to support its nuclear missile program.
0 notes
orbitbrain · 2 years
Text
North Korea Lazarus Hackers Blamed for $100 Million Horizon Bridge Heist
By Ryan Naraine on June 30, 2022
The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony’s Horizon Bridge, according to new data and research from blockchain analytics firm Elliptic. The multi-million compromise, confirmed by Harmony earlier this…
0 notes
cyber-sec · 4 years
Text
CISA warns of BLINDINGCAN, a new strain of North Korean malware
Source: https://www.zdnet.com/article/cisa-warns-of-blindingcan-a-new-strain-of-north-korean-malware/
More info: https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
3 notes · View notes
kalilinux4u · 4 years
Photo
RT @TheHackersNews: Oh, JOBS! Hackers posing as recruiters in #malware attacks. FBI and CISA are warning companies about a new malware, dubbed 'BLINDINGCAN,' which North Korean hackers are using to spy on high-value employees at targeted government contractors. https://t.co/3BWoH5JNZl #infosec (via Twitter http://twitter.com/TheHackersNews/status/1296762636923617280)
1 note · View note
awesomecloudcity · 3 years
Text
Most widespread malware in January: Emotet and Blindingcan still a concern - Bitmat
#Cloudcity | #ITNews | @SilvioTorre https://www.bitmat.it/blog/portale-bitmat/portale-evidenza/malware-piu-diffusi-di-gennaio-emotet-e-blindingcan-preoccupano-ancora/
0 notes
Text
Lazarus attackers turn to the IT supply chain
Kaspersky researchers observed that the North Korean state APT used a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
0 notes
canajunfinances · 4 years
Link
0 notes
omriraiter · 4 years
Text
Hackers Target Defense Contractors' Employees By Posing as Recruiters
Dubbed 'BLINDINGCAN,' the advanced remote access trojan acts as a backdoor when installed on compromised computers.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies.
According to the FBI and CISA, North Korean state-sponsored hackers Lazarus Group, also known as Hidden Cobra, are spreading BLINDINGCAN to "gather intelligence surrounding key military and energy technologies."
To achieve this, attackers first identify high-value targets, perform extensive research on their social and professional networks, and then pose as recruiters to send malicious documents loaded with the malware, masquerading as job advertisements and offerings.
The CISA report says that attackers are remotely controlling BLINDINGCAN malware through compromised infrastructure from multiple countries, allowing them to:
- Retrieve information about all installed disks, including the disk type and the amount of free space on the disk
- Create, start, and terminate a new process and its primary thread
- Search, read, write, move, and execute files
- Get and modify file or directory timestamps
- Change the current directory for a process or file
- Delete malware and artifacts associated with the malware from the infected system.
Cybersecurity companies Trend Micro and ClearSky also documented this campaign in a detailed report explaining the whole methodology and concept of the attack.
Click here to read the full article at Thehackernews.com
0 notes
patrickcmiller · 4 years
Link
via Twitter https://twitter.com/PatrickCMiller
0 notes
nknewsincn · 4 years
Text
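US discloses RAT malware used by North Korean hackers. The Blindingcan trojan, built by the North Korean Hidden Cobra hacking group, targets US government contractors in supply-chain attacks to steal military and energy ... https://ift.tt/3j1U8U2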
0 notes
coverarticles · 4 years
Text
CISA warns of BLINDINGCAN, a new strain of North Korean malware
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a security alert today containing details about a new strain of malware that was seen this year deployed by North Korean government hackers.
This new malware was spotted in attacks that targeted US and foreign companies active in the military defense and aerospace sectors, sources in the infosec community have…
0 notes
hacknews · 4 years
Link
US-Cert warns of North Korean BLINDINGCAN malware #blindingcan #cyberattackphishing #hacking #malware #northkorea #security #hacking #hacker #cybersecurity #hack #ethicalhacking #hacknews
0 notes
kalilinux4u · 4 years
Photo
Oh, JOBS! Hackers posing as recruiters in #malware attacks. FBI and CISA are warning companies about a new malware, dubbed 'BLINDINGCAN,' which North Korean hackers are using to spy on high-value employees at targeted government contractors. https://t.co/3BWoH5JNZl #infosec (via Twitter http://twitter.com/TheHackersNews/status/1296535109282086913)
1 note · View note
bjgreenberg · 4 years
Link
US Alert Reveals New North Korean BLINDINGCAN RAT #security #privacy #cloud #cyber #cybersecurity #infosec #infraguard #government #contractor https://bit.ly/2E1zHI0 from @philmuncaster
0 notes
systemtek · 4 years
Text
BLINDINGCAN Remote Access Trojan [HIDDEN COBRA]
The FBI has high confidence that HIDDEN COBRA actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. This malware variant has been identified as BLINDINGCAN.
BLINDINGCAN is initially delivered via Microsoft Office attachments distributed in sophisticated spear-phishing campaigns.
A threat group…
0 notes
smarttechguys · 4 years
Text
New North Korean Malware Can Reportedly Remove Itself from Compromised Systems
INTRO: The US Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have claimed that North Korean state-sponsored hackers are using a remote access Trojan (RAT), dubbed BLINDINGCAN, to focus on American government contractors within the defense, aerospace and energy sectors. The apparent purpose of the attacks, which started earlier this year, is to…
0 notes