Defense on North Korean Blindingcan Malware

September 2, 2020
blindingcan malware trojan rat remote access trojan north korea

The US Cybersecurity and Infrastructure Security Agency (CISA) recently published a malware analysis report on a newly uncovered variant of an attack attributed to government-backed hackers from North Korea. According to its findings, the new strain of malware has been named 'Blindingcan' and is believed to be more dangerous and sophisticated than earlier malware used by what is alleged to be the same attacking group.

Blindingcan is primarily used for Espionage and Recon

The in-depth analysis confirmed that Blindingcan is a newly developed remote access trojan that targets defense organizations and aerospace businesses, not only in the United States but also in other prominent countries. It has mainly been used for espionage and other reconnaissance missions in support of North Korean defense and military strategy. The report was therefore issued with high priority, so that other countries heed the warning, prepare mitigation plans and, where possible, avoid infection altogether.

Reports concluded that the attack followed the group's usual modus operandi, but repurposed with a stealthier approach: spear-phishing emails with enticing subject lines, aimed at those most vulnerable during the pandemic. The malware comes with enhanced features such as scanning for and transferring sensitive data and system information (operating system, processor, host name, disk management information, IP addresses and ports), as well as functions for directory manipulation and remote execution of files and processes. Everything collected can be transferred to remote storage controlled by the perpetrators, transmitted through addresses that are hard to trace. The feature that makes it most virulent, however, is that the malware can delete itself along with the remnants of its executable file from the infected system, deceiving any security application deployed on the network and carrying out its activity under the radar.

These discoveries about Blindingcan have been passed on to cybersecurity experts and the wider community so that they are aware of the threat and able to mitigate such attacks should they arise. The report also includes a checklist of indicators to look for during network scans, along with other findings about the recent attacks by perpetrators linked to North Korean government espionage.

Currently, the US government is offering a reward of up to $5 million to anyone who can provide credible intelligence on North Korean cyberattack operations, past or present. The initiative is intended to support the suppression of the socialist country's alleged illegal activity.
