The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) today released a malware analysis report describing a remote access trojan (RAT) used by North Korean state-backed hackers in attacks on U.S. government contractors. The malware is tracked as "BLINDINGCAN."
The two agencies state that the group behind the trojan is funded by the North Korean government and is tracked as HIDDEN COBRA (also known as the Lazarus Group and APT38). According to the agencies' analysis, the RAT ships with "built-in functions for remote operations" that let an operator carry out a range of actions on the victim's system.
The alert reads: "CISA has provided a total of four Microsoft Word Open Extensible Markup Language (XML) documents (.docx) and two dynamic-link libraries (DLL)." It continues: "The .docx files attempt to connect to an external domain for a download. The submitted 32-bit and 64-bit DLLs each install a 32-bit or 64-bit DLL named 'iconcache.db', which is then unpacked."
According to the CISA and FBI analysis, BLINDINGCAN can also remove itself from the infected device and clean up its traces to evade detection.
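Two triage checks for the delivery chain described above, as an added example that is not part of the CISA/FBI report or of this article. It assumes that a lure .docx reaches its external domain through an Open XML relationship with TargetMode="External" (the remote-template channel in word/_rels/settings.xml.rels); the report excerpt does not say which mechanism the analysed documents actually used, so that is an assumption, and the sample document, its URL (example.invalid) and the fake PE header are all constructed here so the script runs offline.

```python
# Added example (not CISA/FBI code and not from the article): two triage
# checks for the delivery chain described above.  It assumes the .docx files
# reach their external domain through an Open XML relationship with
# TargetMode="External" (remote template); the report excerpt does not say
# which mechanism the analysed documents used.  All inputs are constructed.
import io
import os
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
# Extensions under which a PE image is expected; anything else carrying a
# PE header (a ".db", say) is worth a second look.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl", ".drv", ".efi"}


def external_targets(docx_bytes):
    """List (rels_part, target) for every relationship in the package whose
    target lies outside the zip.  Every *.rels part is scanned, not just
    document.xml.rels: a remote template lives in settings.xml.rels and
    remote images or hyperlinks can live in other parts."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                if rel.get("TargetMode", "Internal").lower() == "external":
                    found.append((name, rel.get("Target", "")))
    return found


def remote_hosts(targets):
    """Hosts contacted by the external targets (http, https, file URLs, UNC paths)."""
    hosts = set()
    for _, target in targets:
        m = re.match(r"^(?:https?|file)://([^/\\?#]+)", target, re.IGNORECASE)
        if m:
            hosts.add(m.group(1).lower())
        elif target.startswith("\\\\"):          # UNC path \\host\share\file
            hosts.add(target[2:].split("\\", 1)[0].lower())
    return sorted(hosts)


def is_pe(data):
    """Minimal PE check: 'MZ' DOS stub and 'PE\\0\\0' at e_lfanew (offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def is_pe_masquerading(filename, data):
    """A PE image stored under a non-executable name such as iconcache.db."""
    ext = os.path.splitext(filename)[1].lower()
    return ext not in EXECUTABLE_EXTS and is_pe(data)


def build_docx(template_url=None):
    """Constructed minimal .docx; with template_url set, word/settings.xml
    gets an external attachedTemplate relationship (a remote template)."""
    rel = ""
    if template_url:
        rel = ('<Relationship Id="rId1" Type="%s/attachedTemplate" '
               'Target="%s" TargetMode="External"/>' % (OFFICE_REL, template_url))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("_rels/.rels",
                    '<Relationships xmlns="%s"><Relationship Id="rId1" '
                    'Type="%s/officeDocument" Target="word/document.xml"/></Relationships>'
                    % (REL_NS, OFFICE_REL))
        zf.writestr("word/document.xml",
                    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/settings.xml",
                    '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/settings.xml.rels",
                    '<Relationships xmlns="%s">%s</Relationships>' % (REL_NS, rel))
    return buf.getvalue()


# Constructed samples: a lure with a remote template, a clean document, and a
# fake PE header of the kind that would be stored under the name "iconcache.db".
LURE_DOCX = build_docx("http://example.invalid/template.dotm")
CLEAN_DOCX = build_docx()
FAKE_PE = bytearray(0x44)
FAKE_PE[0:2] = b"MZ"
FAKE_PE[0x3C:0x40] = (0x40).to_bytes(4, "little")
FAKE_PE[0x40:0x44] = b"PE\0\0"
FAKE_PE = bytes(FAKE_PE)

if __name__ == "__main__":
    print("lure contacts:", remote_hosts(external_targets(LURE_DOCX)))
    print("clean contacts:", remote_hosts(external_targets(CLEAN_DOCX)))
    print("iconcache.db is a PE:", is_pe_masquerading("iconcache.db", FAKE_PE))
```

The host list from external_targets is what you would compare against proxy or DNS logs for the time a document was opened; the PE check is deliberately cheap so it can be run over a user profile looking for data-named files that are really DLLs. Neither check helps once the RAT has already removed itself, which is why the document and the dropped file are the artifacts worth capturing early.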