US Government warns of more North Korean malware attacks

Graham CLULEY

June 18, 2018

With Donald Trump and Kim Jong Un exchanging handshakes and smiles at the Singapore security summit earlier this month, you may have been fooled into thinking that all was cordial between the United States and North Korea.

Look under the surface, however, and things may be rather different.

For instance, just days after the two countries signed a joint agreement at their unprecedented talks, the US Department of Homeland Security has issued a warning about more malware being used by the North Korean government against US organisations.

The malware, dubbed “Typeframe”, is thought to be related to other attacks previously attributed to the Hidden Cobra hacking gang (also sometimes called “Lazarus” or “Guardians of the Peace”).

The hacking group has become notorious for its use of Remote Access Trojans (RATs), DDoS botnet attacks, keylogging spyware, and data-wiping malware in attacks against foreign companies.

Most recently, Chile’s second largest bank has confirmed that in late May it suffered a serious malware attack that breached its systems and disrupted its services.

That attack saw attackers use Hidden Cobra’s disk-wiping malware to distract attention, while some US $10 million was stolen via the SWIFT money transferring system.

If the attack was indeed the work of North Korea, it would be the latest in a long series of attacks on SWIFT which have allegedly stolen hundreds of millions of dollars for the pariah state.

And in the past, the US Government has even blamed Hidden Cobra for the notorious WannaCry ransomware attack, a claim which North Korea predictably denied.

In its latest report, the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) does not share details of how many computers may have been infected by Typeframe, or what industries may have been targeted.

However, it does share a technical analysis of 11 malware samples (Windows executable files, and a Microsoft Word document) that attempt to download and install spyware, connect to command and control servers, and meddle with victims’ firewalls to allow incoming connections.

All of the malware samples appear to have been compiled before the Singapore security summit was announced.

To better defend against the Typeframe attacks, organisations are being urged by US-CERT to look for indications of compromise – detailed within the report – by reviewing network logs for IP addresses, and using a variety of network signatures and host-based rules.
