UNC4034 slips in a backdoor with trojanized PuTTY



Summary

UNC4034, a North Korean threat actor, uses a fake job posting to lure victims into downloading a trojanized version of PuTTY. When the malicious PuTTY binary is executed on the host, it deploys a backdoor named AIRDRY, which then establishes a connection to the attacker’s command-and-control (C2) server.