North Korean malware could still pose major threat

News
By published

Reports provide in-depth analysis on six new malware samples

(Image credit: Pixabay)

The FBI and Cybersecurity Infrastructure Security Agency (CISA) have released new information on North Korean malware in the form of six new and updated Malware Analysis Reports (MARs).

The US agencies released these MARs in order to provide organizations with detailed malware analysis information which was acquired by manually reverse engineering malware samples. At the same time, the reports were also issued to help network defenders detect and reduce exposure to malicious activity by the North Korean government which the US government refers to as HIDDEN COBRA.

The CISA recommends that all users and administrators carefully review the seven MARs in a blog post, saying:

“Each MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to CISA or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.”

North Korean malware

In addition to releasing new MARs, US Cyber Command also uploaded malware samples to VirusTotal and in a tweet, said: "this malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions".

The reports released by CISA provide detailed analysis of six new malware samples that are currently being tracked by US authorities under the names Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie and Buffetline.

While some of these are Remote Access Trojans (RAT) and malware droppers, others are described as full-featured beaconing implants used to download, upload, delete and execute files.

CISA and other US government agencies attribute the malware to a North Korean government backed hacking group known as HIDDEN COBRA but the group is also known as the Lazarus Group and it is North Korea's largest and most active hacking division.

Via BleepingComputer

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Data leak
Hacked Tata Technologies data leaked by ransomware gang
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
Thousands of iOS apps found to expose user data and leak Stripe keys
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Latest in News
The Russo brothers posing for a photograph and Herman carrying a Volkswagen camper van in The Electric State
'We're optimists': AI enthusiasts Joe and Anthony Russo defend its use in movies and TV shows, but admit there are 'very real dangers' around its application
UK Prime Minister Sir Kier Starmer
UK PM says AI should soon replace civil servants
Xbox Copilot in Minecraft
Microsoft confirms Copilot can be tested by Xbox Insiders next month and shares new details about how the AI sidekick will enhance the player experience: 'It has to be about gameplay, it has to be personalized to you'
Eight Samsung TVs mounted to the wall showing different basketball games
Samsung is offering you 8 new TVs in one bundle for March Madness, in case you want to watch all games at once like a Bond villain’s lair
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
The Steam Logo on a mobile phone in front of a wall of games.
Today’s Steam Spring Sale features my absolute favorite game of all time - here's when the sale starts and all the key info
More about security
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.

Microsoft warns about a new phishing campaign impersonating Booking.com
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.

Thousands of iOS apps found to expose user data and leak Stripe keys
Workers in a futuristic office

40% of IT leaders scared to admit mistakes due to workplace culture of fear
See more latest
Most Popular
Workers in a futuristic office
40% of IT leaders scared to admit mistakes due to workplace culture of fear
13-inch and 15-inch MacBook Air M4 in Sky Blue
The new Apple MacBook Air M4 has a weird quirk with its performance cores - but it's nothing to worry about
The Russo brothers posing for a photograph and Herman carrying a Volkswagen camper van in The Electric State
'We're optimists': AI enthusiasts Joe and Anthony Russo defend its use in movies and TV shows, but admit there are 'very real dangers' around its application
Xbox Copilot in Minecraft
Microsoft confirms Copilot can be tested by Xbox Insiders next month and shares new details about how the AI sidekick will enhance the player experience: 'It has to be about gameplay, it has to be personalized to you'
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Dune Awakening screenshot showing the exploration of The O'odham
Latest Dune Awakening trailer provides a deeper look at open-world exploration on the planet Arrakis
close-up of soundbar mesh with Sonos branding
Sonos reportedly cancels its streaming video player, but I hope it resurrects one part of it, because it could be huge
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
Thousands of iOS apps found to expose user data and leak Stripe keys
Emily takes a selfie in front of her apartment window in Rome in Emily in Paris
Emily in Paris season 5: everything we know so far about the hit Netflix show’s return
Eight Samsung TVs mounted to the wall showing different basketball games
Samsung is offering you 8 new TVs in one bundle for March Madness, in case you want to watch all games at once like a Bond villain’s lair