
PuTTY Trojanized versions utility used to spread backdoor

Trojanized versions of PuTTY utility being used to spread backdoor

Researchers believe that hackers linked to the North Korean government have been distributing a trojanized version of the PuTTY networking tool in a bid to compromise the networks of organizations they wish to monitor.

Researchers from security company Mandiant confirmed this week that at least one of its customers was compromised after an employee accidentally installed the fake network utility. The incident left the company infected with a backdoor that the researchers track as AIRDRY.V2. Mandiant tracks the threat group behind the attack as UNC4034.

“Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North Korean nexus,” company researchers wrote. “The AIRDRY.V2 C2 URLs belong to compromised website infrastructure previously leveraged by these groups and reported in several OSINT sources.”


The threat actors targeting the victim claimed to be recruiting the employee for a job at Amazon. They sent the target a WhatsApp message carrying a file named amazon_assessment.iso. ISO files have increasingly been used in recent years to compromise Windows computers because double-clicking one mounts it as a virtual drive. Inside the image was an executable file named PuTTY.exe.

PuTTY is an open-source SSH and telnet client. Legitimate releases are digitally signed by the official developer; the version sent in the WhatsApp message was not.
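The signature check described above, as an added example that is not part of the article: a PowerShell function that inspects a downloaded PuTTY binary's Authenticode signature and reports whether it is valid and issued to the expected publisher. The file path is a placeholder, and the expected signer name is an assumption that should be taken from a known-good PuTTY release on your own system.

```powershell
# Added example (not from the article): refuse to trust a PuTTY binary unless it
# carries a valid Authenticode signature from the expected publisher.
# Assumptions: $Path is a placeholder; $ExpectedSigner is the common name seen on
# a known-good PuTTY release's signing certificate, verified locally, not taken
# from the article.

function Test-PuttySignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSigner = 'Simon Tatham'   # assumption: confirm on a good copy
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Status is 'Valid' only when the signature chains to a trusted root and the
    # file has not changed since signing. An unsigned trojanized build reports
    # 'NotSigned'; a tampered signed file reports 'HashMismatch'.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

    # Both conditions must hold: a valid chain alone would accept any signed
    # binary, and a matching name alone would accept an untrusted certificate.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -like "*CN=$ExpectedSigner*")

    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $signer
        Trusted = $trusted
    }
}

# Usage against a downloaded binary (placeholder path):
$result = Test-PuttySignature -Path 'C:\Downloads\PuTTY.exe'
$result | Format-List

if (-not $result.Trusted) {
    Write-Warning "Do not run $($result.Path): status '$($result.Status)', signer '$($result.Signer)'."
}
```

The same check works on any file extracted from a mounted ISO, which is where the trojanized PuTTY.exe in this incident came from.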

The executable installed the latest version of AIRDRY, a backdoor that the US government has attributed to the North Korean government. The US Cybersecurity and Infrastructure Security Agency has published a description of the backdoor, and Japan's emergency response community has published an analysis of the backdoor, which it tracks as BLINDINGCAN.


By Jozeph P

Journalism explorer, tech Enthusiast. Love to read and write.
