US government goes all in to expose new malware used by North Korean hackers

by Dan Goodin, from Ars Technica

The US Pentagon, the FBI, and the Department of Homeland Security on Friday exposed a North Korean hacking operation and provided technical details for seven pieces of malware used in the campaign.

The US Cyber National Mission Force, an arm of the Pentagon's US Cyber Command, said on Twitter that the malware is "currently used for phishing & remote access by [North Korean government] cyber actors to conduct illegal activity, steal funds & evade sanctions." The tweet linked to a post on VirusTotal, the Alphabet-owned malware repository, that provided cryptographic hashes, file names, and other technical details that can help defenders identify compromises inside the networks they protect.

Malware attributed to #NorthKorea by @FBI_NCIJTF just released here: https://t.co/cBqSL7DJzI. This malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions. #HappyValentines @CISAgov @DHS @US_CYBERCOM

- USCYBERCOM Malware Alert (@CNMF_VirusAlert) February 14, 2020

An accompanying advisory from the DHS's Cybersecurity and Infrastructure Security Agency said the campaign was the work of Hidden Cobra, the government's name for a hacking group sponsored by the North Korean government. Many security researchers in the private sector use other names for the group, including Lazarus and Zinc. Six of the seven malware families were uploaded to VirusTotal on Friday. They included:
