UNC4034 slips in a backdoor with trojanized PuTTY

Threat Level – Red | Vulnerability Report
Download PDF

UNC4034, a North Korean threat actor, uses a fake job posting to trick victims into downloading a trojanized version of PuTTY. When the malicious PuTTY binary is executed on the host, a backdoor named AIRDRY is deployed, which establishes connections to the attacker’s C2 server.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox