UNC4034, a North Korean threat actor, uses a fake job posting to trick victims into downloading a trojanized version of PuTTY. When the malicious PuTTY binary is executed on the host, a backdoor named AIRDRY is deployed, which establishes connections to the attacker’s C2 server.
Get through updates and upcoming events, and more directly in your inbox