U.S. GOV Exposed North Korean Remote Access Trojan BLINDINGCAN That Can Hack The GOV Networks

The U.S. government agencies have recently published a report regarding a malware analysis. It is a new remote access trojan (RAT) being practiced by North Korea’s wicked Lazarus Group. 

This new malware was detected in attacks that targeted the U.S. and foreign businesses that are operating in the military defense and aerospace sectors. 

But, this whole malware was detected by the Cybersecurity and Infrastructure Security Agency CISA, and the Federal Bureau of Investigation (FBI) and is apprehended as BLINDINGCAN. 

This malware has been used earlier this year to target government networks and entrepreneurs for confidential and secret information on military and energy technologies.

BLINDINGCAN and Its Capabilities

There are some technical capabilities of BLINDINGCAN that allow RAT, and here they are mentioned below:-

• Regain information regarding all installed disks, that includes the disk type and the amount of free space on the drive.
• Perceive the operating system (OS) version information.
• Get Processor data.
• Get a system name.
• Perceive local I.P. address data.
• Get the victim’s media access control (MAC) address.
• Organize, start, and terminate a new process and its primary thread.
• Explore, read, write, move, and administer files.
• Get and transform file or directory timestamps.
• Adjust the current directory for a method or file.
• Remove the malware and artifacts affiliated with the malware from the affected system.

Domains Involved

• In total, four domains were involved in this malware, and here they are:-
• agarwalpropertyconsultants.com
• anca-aste.it
• automercado.co.cr
• curiofirenze.com

IPs Involved

There are a total of Four IPs that are involved in this malware, and here, they are:-

• 192.99.20.39
• 199.79.63.24
• 51.68.152.96
• 54.241.91.49

Recommendations Advised

The cybersecurity firm CISA has recommended that all users and administrators should consider using the following best methods to increase the security posture of their organization’s systems. Below, we have mentioned all the recommendations offered by the security experts:-

• Keep up-to-date antivirus signatures and engines.
• Conserve operating system patches up-to-date.
• Impair all the File and Printer sharing services.
• Use robust passwords or Active Directory authentication.
• Stop users from installing and operating undesired software applications.
• Execute regular password changes.
• Scan properly before opening e-mail attachments, even if the attachment is required, and the sender appears to be appreciated.
• Allow a personal firewall on company workstations, configured to deny undesirable connection requests.
• Impair unnecessary services on agency workstations and servers.
• Browse for and eliminate suspicious e-mail attachments.
• Check the users’ web browsing habits; restrict access to sites with unsuitable content.
• Practice caution while using removable media.
• Examine all software that are downloaded from the internet prior to administering it.
• Manage situational perception of the latest threats and perform appropriate Access Control Lists (ACLs).
• You can read the complete technical analysis here.

Last month the U.S. Army announced that many of North Korea’s hackers influence from abroad, not just from North Korea, from many countries like Belarus, China, India, Malaysia, and Russia. 

Moreover, The U.S. administration is also contributing a monetary reward for up to $5 million to those who can provide information about the activities conducted by North Korea-linked APT groups.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read:

Critical Vulnerabilities in Amazon Alexa Let Hackers Steal Personal Data & Remotely Install Skills

Severe Security Vulnerabilities in the Samsung Phones Let Hackers to Launch Remote Attacks

TeamViewer Bug Let Hackers Steal System Password Remotely

Billions of Users Affected with Google Chrome Zero-Day That Allow Attackers To Fully Bypass CSP Rules

ReVoLTE – New Attack Let Hackers Spy Your Phone By Decrypt The VoLTE Secure Networks