Discover and read the best of Twitter Threads about #BLINDINGCAN
Most recents (2)
#ESETresearch has discovered #Lazarus attacks against targets in 🇳🇱 and 🇧🇪, spreading via spearphishing emails and exploiting the CVE-2021-21551 vulnerability to disable the monitoring of all security solutions on compromised machines @pkalnai welivesecurity.com/2022/09/30/ama…
@pkalnai The attack started with spearphishing emails connected to fake job offers, targeting an aerospace company in the Netherlands, and a political journalist in Belgium. The attackers then deployed a VMProtect-ed version of #BLINDINGCAN, a fully featured HTTP(S) backdoor. 2/6 
@pkalnai Notably, the attackers used a rootkit named FudModule.dll, that modifies kernel variables and removes kernel callbacks to disable monitoring of all security solutions on the system. This is the first recorded abuse of the CVE-2021-21551 vulnerability in Dell DBUtil drivers. 3/6
#ICYMI, here's a #threatintel related🧵👇 by me on @USTreasury advisory on DPRK IT workers' attempts to obtain employment while posing as non-North Korean nationals: home.treasury.gov/system/files/1… (1/?)
DPRK IT workers "engage in a wide range of IT dev work, such as: mobile & web-based apps, virtual currency exchange platforms & digital coins. Some
designed virtual currency exchanges or created analytic tools/apps for virtual currency traders & marketed their products." (2/?)
designed virtual currency exchanges or created analytic tools/apps for virtual currency traders & marketed their products." (2/?)
This reminds me, for example, of Marine Chain Token: (justice.gov/opa/pr/three-n…; justice.gov/opa/press-rele…), #AppleJeus (cisa.gov/uscert/ncas/al…) and, more recently, #TraderTraitor (cisa.gov/uscert/ncas/al…). #HIDDENCOBRA/#APT38 loves loves loves their crypto (3/?)
