UNC4034 slips in a backdoor with trojanized PuTTY
UNC4034 slips in a backdoor with trojanized PuTTY
Threat Level
Attack Report
For a detailed threat advisory, download the pdf file here
Summary
UNC4034, a North Korean threat actor, uses a fake job posting to trick victims into downloading a trojanized version of PuTTY. When the malicious PuTTY binary is executed on the host, a backdoor named AIRDRY is deployed, which establishes connections to the attacker’s C2 server.