PuTTY Trojanized versions utility used to spread backdoor

September 16, 2022 By Jozeph P

(Image Credit Google)

Researchers believe that hackers with links to North Korean government have been pushing the Trojanized Version of PuTTY networking tool in a bid to hack the networks of organizations they wish to monitor. Researchers from security company Mandiant confirmed this week that at the very least one of its customers was a client of an employee who installed the fake network utility on accidental. The incident led the company to be infected with the backdoor that researchers track as Airdry.v2. The file was accessed by a Mandiant tracker group as UNC4034. "Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North Korean nexus," company researchers wrote. "The AIRDRY.V2 C2 URLs belong to compromised website infrastructure previously leveraged by these groups and reported in several OSINT sources." Trojanized versions of PuTTY utility being used to spread backdoor

Trojanized versions of PuTTY utility being used to spread backdoor

The actors who were threatening the victim claimed to be looking to hire the employee to work at Amazon. They sent the target a message over WhatsApp that transmitted a file named amazon_assessment.iso. ISO files are increasingly employed in recent times to cause damage to Windows computers due to the fact that the double-click on them triggers them to be mounted as an virtual machine. In addition the image was an executable file named PuTTY.exe. PuTTY is an open-source secure shell application and telnet. The secure versions are authenticated by the official developer. The version that was sent in the WhatsApp message was not signed by the official developer. The executable files installed the most recent version of Airdry an attack on the backdoor which the US government has blamed on it being the North Korean government. It is reported that the US Cybersecurity and Infrastructure Security Agency has a description of the backdoor here. Japan's emergency response community provides an explanation of the backdoor which is tracked under BLINDINGCAN.

By Jozeph P

Journalism explorer, tech Enthusiast. Love to read and write.

PuTTY Trojanized versions utility used to spread backdoor

Walmart's GenAI Search Engine: Challenging Google's Dominance in Retail Search

Introducing the MSI Claw Handheld: Your Ultimate Gaming Companion

Uber Increases In-App Ads, Prompting Mixed Reactions from Customers

Apple's iOS 18: A Leap into the AI Era

Google's Regular Pixel 8 Won't Get Gemini Nano AI

MacBook Air M3 Makes Amends for M2's Storage Blunder

Samsung Unveils the Galaxy M15 5G

Elon Musk's xAI to Open-Source Chatbot Grok

Contra: Operation Galuga - A Modern Run-and-Gun Classic

Musk Confirms X's TV App Arrives This Week

Amazon's Conversational Genie to Answer Product Queries

Threads is working on an API for developers

Elon Musk's X Introduces 2 New Special Membership Plans

Amazon Clinic Expands to Treat Coughs, Colds, and Flu

Google is making password-killing technology available to all accounts

TikTok Executive Confirms Manual Promotion of Content on Platform