Track Common Adversary Tasks Performed Using BLINDINGCAN

 




To know more about it, you can go through my detailed document by clicking here







Overview

BLINDINGCAN is a Remote Access Trojan used by the North Korean government in its 2020 cyber operations against organizations in Western Europe and the USA, such as defense and engineering firms, in order to steal confidential intelligence and secret information.

How Does It Work?

It generally spreads via phishing emails in which the threat actors pose as recruiters from a legitimate organization and lure the victims into opening a malicious document (an Office or PDF file) that infects their system. Once they gain access, they begin to collect information related to the military and energy sectors. Although this attack technique is not novel, it can still evade AV detection. This malware can perform the following tasks:
  1. Gather local IP address details.
  2. Accumulate information about all the system's installed disks.
  3. Create, initiate, and terminate a new process.
  4. Get processor information.
  5. Read, write, execute, and move files.
  6. Upload and download files, among other tasks.

Conclusion

As North Korean hackers have consistently targeted organizations in the above-mentioned countries as well as others, prevention is the best way to deal with them. This can be achieved via a robust threat response process, a secure web gateway, an updated OS and software, and an installed and up-to-date AV, among other measures.
