CISA and the FBI have shared details on a piece of malware that North Korean threat actors likely used in attacks targeting employees of various defense organizations. The malware, BLINDINGCAN, was apparently used in “Dream Job,” a campaign active since the beginning of this year, which hit defense and governmental companies in Israel and globally by targeting specific employees with highly appealing job offers. The malware can collect hardware and software details about the victim’s system and give hackers remote access to its file system.
The campaign appears to have been orchestrated by the North Korea-linked group Lazarus, also known as Hidden Cobra. Lazarus has been involved in numerous high-profile attacks, such as the WannaCry outbreak in 2017, the $81 million Bangladesh bank theft, and recent attacks on cryptocurrency exchanges.