LTS Secure Warning: US Defense And Aerospace Sector Attacked Using New Strain Of Malware

A new strain of malware has been identified in recent attacks against multiple military and aerospace sectors.

 

Technical Details

The attack chain is quite similar to the one used in past campaigns, with North Korean threat actors posing as recruiters at big corporations in order to approach employees at the target companies.

The targeted employees were asked to go through an interview process, during which they were baited into opening a weaponized Office or PDF document, causing the malware to be deployed on their system. The final payload in this attack is a remote access trojan (RAT) called BLINDINGCAN.

 

Impact

  • Get hardware & software information.
  • Get local IP address & MAC address information.
  • Read, write, move & execute files.
  • Launch, suspend & terminate processes & services.
  • Delete itself at will.

 

Recommended Actions

  • Never download any suspicious attachments or click on any shady-looking link. Make an effort to educate your users on how to identify mal-spam.
  • Always update your anti-virus software with the latest releases.
  • Periodically run a “full system scan” on your endpoints.
  • Configure your Firewall/IDS/IPS/Endpoint Protection systems properly so that no holes are left open.
  • Isolate all of the compromised computers ASAP to prevent threats from spreading further inside your infrastructure.