720-891-1663

Return to the list of client alerts

CISA Warns of North Korea Attack Against Defense and Aerospace

While we keep talking about attacks from China and Russia, we need to be conscious of attacks from other countries. While China and Russia are formidable hackers, they are not the only formidable hackers.

Today, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) published an Alert.

The alert identifies a North Korean malware tool, called a Remote Access Trojan or RAT. A RAT is a tool which, once deployed on a victim’s computer, can do anything a user can do and in many cases, more than the user can do such as disabling security. They call this trojan BLINDINGCAN.

The malware starts by sending malicious phishing emails posing as recruiters to targeted defense and aerospace employees. These people are asked to go through an interview process. During this process they receive malicious Office and PDF documents.

The last step in this process is to deploy the Remote Access Trojan software on the candidate’s computer.

From there, it is game over.

The purpose here is to, ultimately, steal defense and aerospace secrets. Once they have installed this trojan on the victim’s computer, they OWN the computer and ultimately your data.

One thing to ponder.

Do you think that North Korea will ignore the data in other industries like finance and manufacturing? Just because? I. DON’T. THINK. SO!!

While BLINDINGCAN is the focus of today’s alert, do not lose sight of the fact that Remote Access Trojans are an effective tool for hackers around the world, including North Korea, but also many other countries. Done right, these RATs do not leave any visible symptoms of their dirty work.

CISA’s alert can be read here.