Date: 2020-08-23

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have identified a new backdoor malware used by North Korean hackers, called BLINDINGCAN.

The US government exposed the remote access trojan (RAT) in an analysis report published today (Aug 20).

As first reported by Bleeping Computer, the North Korean hackers used the malware to attack targeted government contractors, and the RAT is linked to Lazarus Group and APT38, two North Korean government-sponsored hacking groups.

The trojan was found with built-in functions for remote operations that provide various capabilities on a victim’s system.

The agencies’ analysis states that CISA received two Dynamic-Link Libraries (DLLs) and four Microsoft Word Open Extensible Markup Language (XML) documents.

The hackers used 64-bit and 32-bit DLLs that install a 32-bit and a 64-bit DLL named “iconcache.db,” which executes and unpacks a variant of the Hidden Cobra RAT, to connect to external domains for a download. BLINDINGCAN can also avoid detection by removing itself from compromised systems and cleaning its traces.
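The report describes a DLL carried under the name “iconcache.db”. As an added example (not code from the report, CISA or the article), the Python sketch below flags files whose content parses as a PE image even though the extension is not an executable one, and reports whether the header marks a 32-bit or 64-bit DLL. The function names, the extension list and the sample bytes are assumptions constructed for illustration.

```python
import os
import struct

PE_EXTS = {".dll", ".exe", ".sys", ".ocx", ".cpl", ".scr"}   # extensions where a PE is expected
MACHINES = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)"}  # COFF Machine values
IMAGE_FILE_DLL = 0x2000                                      # COFF Characteristics flag

def pe_info(data):
    """Return (architecture, is_dll) if data begins with a PE header, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the "PE\0\0" signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return MACHINES.get(machine, hex(machine)), bool(flags & IMAGE_FILE_DLL)

def flag_disguised_pe(root):
    """Walk root; list (path, architecture, is_dll) for PE files lacking a PE extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() in PE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    info = pe_info(fh.read(4096))   # headers sit at the start of the file
            except OSError:
                continue                            # unreadable or locked file: skip
            if info:
                hits.append((path, *info))
    return hits

def sample_header(machine, flags):
    """Constructed input: DOS stub + COFF header only, not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, flags)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "iconcache.db"), "wb") as fh:
            fh.write(sample_header(0x8664, 0x2022))
        with open(os.path.join(d, "notes.db"), "wb") as fh:
            fh.write(b"SQLite format 3\0" + b"\0" * 84)
        for hit in flag_disguised_pe(d):
            print(hit)
```

A hit is a triage lead, not a verdict: it says only that a file with a data-style name carries an executable header and should be examined further.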

