Discover and read the best of Twitter Threads about #BLINDINGCAN

Most recents (2)

#ESETresearch has discovered #Lazarus attacks against targets in 🇳🇱 and 🇧🇪, spreading via spearphishing emails and exploiting the CVE-2021-21551 vulnerability to disable the monitoring of all security solutions on compromised machines @pkalnai welivesecurity.com/2022/09/30/ama…
@pkalnai The attack started with spearphishing emails connected to fake job offers, targeting an aerospace company in the Netherlands, and a political journalist in Belgium. The attackers then deployed a VMProtect-ed version of #BLINDINGCAN, a fully featured HTTP(S) backdoor. 2/6
@pkalnai Notably, the attackers used a rootkit named FudModule.dll, that modifies kernel variables and removes kernel callbacks to disable monitoring of all security solutions on the system. This is the first recorded abuse of the CVE-2021-21551 vulnerability in Dell DBUtil drivers. 3/6
Read 6 tweets
#ICYMI, here's a #threatintel related🧵👇 by me on @USTreasury advisory on DPRK IT workers' attempts to obtain employment while posing as non-North Korean nationals: home.treasury.gov/system/files/1… (1/?)
DPRK IT workers "engage in a wide range of IT dev work, such as: mobile & web-based apps, virtual currency exchange platforms & digital coins. Some
designed virtual currency exchanges or created analytic tools/apps for virtual currency traders & marketed their products." (2/?)
This reminds me, for example, of Marine Chain Token: (justice.gov/opa/pr/three-n…; justice.gov/opa/press-rele…), #AppleJeus (cisa.gov/uscert/ncas/al…) and, more recently, #TraderTraitor (cisa.gov/uscert/ncas/al…). #HIDDENCOBRA/#APT38 loves loves loves their crypto (3/?)
Read 14 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!