Trojanized PuTTY used to make backdoor

Trojanized versions of PuTTY utility being used to spread backdoor [{ "selector": ".qszlo-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".orwem-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".uwlml-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "transform": "translateX(calc(360px - 26px))", "opacity": "1"}, {"offset": 1, "transform": "translateX(0)", "opacity": "1"} ] }]

Researchers believe hackers with connections to North Korean government have been pushing a Trojanized version of the PuTTY in an attempt to backdoor the network of organizations they want to spy on. [{ "selector": ".ejiub-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".cjbow-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".xpzww-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "transform": "translateX(calc(360px - 26px))", "opacity": "1"}, {"offset": 1, "transform": "translateX(0)", "opacity": "1"} ] }]

Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. [{ "selector": ".qepwe-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".sncag-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".ksugo-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "transform": "translateX(calc(360px - 26px))", "opacity": "1"}, {"offset": 1, "transform": "translateX(0)", "opacity": "1"} ] }]

The incident caused the employer to become infected with a backdoor tracked by researchers as Airdry. [{ "selector": ".xlziu-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".ieoxj-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".mdxeq-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "transform": "translateX(calc(360px - 26px))", "opacity": "1"}, {"offset": 1, "transform": "translateX(0)", "opacity": "1"} ] }]

The file was transmitted by a group Mandiant tracks as UNC4034. Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North Korean nexus, company. [{ "selector": ".awuil-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".ftpnx-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".tgrdj-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "transform": "translateX(calc(360px - 26px))", "opacity": "1"}, {"offset": 1, "transform": "translateX(0)", "opacity": "1"} ] }]

The threat actors posed as people recruiting the employee for a job at Amazon. [{ "selector": ".ukewu-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".uewxx-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "transform": "translateX(calc(360px - 26px))", "opacity": "1"}, {"offset": 1, "transform": "translateX(0)", "opacity": "1"} ] }]

PuTTY is an open-source secure shell and telnet application. The version sent in the WhatsApp message was not signed. [{ "selector": ".nknuf-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".zkokn-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".nspxc-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "transform": "translateX(calc(360px - 26px))", "opacity": "1"}, {"offset": 1, "transform": "translateX(0)", "opacity": "1"} ] }]

The executable file installed the latest version of Airdry, a backdoor the US government has attributed to the North Korean government. [{ "selector": ".djrfz-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".ajrgg-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "opacity": 0}, {"offset": 1, "opacity": "1"} ] }, { "selector": ".zrqiu-a", "duration": "500ms", "fill": "forwards", "delay": "0ms", "keyframes": [ {"offset": 0, "transform": "translateX(calc(360px - 18px))", "opacity": "1"}, {"offset": 1, "transform": "translateX(0)", "opacity": "1"} ] }]