North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application


Researchers believe that hackers linked to the North Korean government have been pushing a Trojanized version of the PuTTY networking tool in a bid to compromise the networks of organizations they wish to monitor.

Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident.

The incident left the employer's environment infected with a backdoor that researchers track as AIRDRY.V2. The file was delivered by a group Mandiant tracks as UNC4034.

“Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North Korean nexus,” company researchers wrote. “The AIRDRY.V2 C2 URLs belong to compromised website infrastructure previously leveraged by these groups and reported in several OSINT sources.”

PuTTY is an open-source SSH and Telnet client. Legitimate builds are signed by the official developer; the version sent in the WhatsApp message was not signed by the official developer.
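As an added example (not code from the article or from Mandiant), the following Python reads a PE header and reports whether a downloaded putty.exe carries any embedded Authenticode signature at all, the first thing an unsigned Trojanized build fails. The `build_minimal_pe` helper constructs a skeletal sample image purely for demonstration and is an assumption of this example, not a real PuTTY binary.

```python
import struct


def authenticode_signature_present(pe: bytes) -> bool:
    """Return True if the PE image has a populated IMAGE_DIRECTORY_ENTRY_SECURITY.

    This only checks that a signature blob is referenced; it does not validate
    the signature or the signer. A True result still needs real verification
    (signtool / Get-AuthenticodeSignature), a False result is an immediate red flag.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)     # offset of "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                    # COFF file header (20 bytes)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)  # SizeOfOptionalHeader
    opt = coff + 20                                        # optional header start
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:        # PE32: data directories start at +96
        datadir = opt + 96
    elif magic == 0x20B:      # PE32+: data directories start at +112
        datadir = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sec = datadir + 4 * 8     # entry 4 = SECURITY, 8 bytes per entry
    if sec + 8 > opt + opt_size:
        return False          # optional header too short to hold the entry
    offset, size = struct.unpack_from("<II", pe, sec)      # file offset, not RVA
    return offset != 0 and size != 0 and offset + size <= len(pe)


def build_minimal_pe(sig_blob: bytes = b"") -> bytes:
    """Constructed sample: a skeletal PE32+ header (no code, not runnable) with an
    optional signature blob appended and referenced from the security entry."""
    opt_size = 240                           # PE32+ optional header with 16 data dirs
    hdr_len = 0x40 + 4 + 20 + opt_size
    img = bytearray(hdr_len)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                 # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x40 + 4 + 16, opt_size)    # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x40 + 24, 0x20B)           # PE32+ magic
    if sig_blob:
        sec = 0x40 + 24 + 112 + 4 * 8
        struct.pack_into("<II", img, sec, hdr_len, len(sig_blob))
        img += sig_blob
    return bytes(img)
```

On Windows, `Get-AuthenticodeSignature` performs the full chain and signer validation; this check is only a quick triage for the "no signature at all" case.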

Mandiant said it was able to contain the compromise before any further post-exploitation activities could take place following the deployment of the implant.

The development is yet another sign that the use of ISO files for initial access is gaining traction among threat actors to deliver both commodity and targeted malware.



September 16th, 2022 | Internet Security, Security Advisory, Security Update

About the Author: FirstHackersNews
