North Korean malware could still pose major threat
Reports provide in-depth analysis on six new malware samples
The FBI and Cybersecurity Infrastructure Security Agency (CISA) have released new information on North Korean malware in the form of six new and updated Malware Analysis Reports (MARs).
The US agencies released these MARs to give organizations detailed malware analysis information acquired by manually reverse engineering the samples. The reports were also issued to help network defenders detect and reduce their exposure to malicious activity by the North Korean government, which the US government refers to as HIDDEN COBRA.
In a blog post, CISA recommends that all users and administrators carefully review the seven MARs, saying:
“Each MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to CISA or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.”
North Korean malware
In addition to releasing new MARs, US Cyber Command also uploaded malware samples to VirusTotal and in a tweet, said: "this malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions".
The reports released by CISA provide detailed analysis of six new malware samples that are currently being tracked by US authorities under the names Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie and Buffetline.
While some of these are Remote Access Trojans (RATs) and malware droppers, others are described as full-featured beaconing implants used to download, upload, delete and execute files.
CISA and other US government agencies attribute the malware to a North Korean government-backed hacking group known as HIDDEN COBRA. The group is also known as the Lazarus Group and is North Korea's largest and most active hacking division.
Via BleepingComputer