US Government warns of more North Korean malware attacks

Graham CLULEY

June 18, 2018


With Donald Trump and Kim Jong Un exchanging handshakes and smiles at the Singapore security summit earlier this month, you may have been fooled into thinking that all was cordial between the United States and North Korea.

Look under the surface, however, and things may be rather different.

For instance, just days after the two countries signed a joint agreement at their unprecedented talks, the US Department of Homeland Security has issued a warning about more malware being used by the North Korean government against US organisations.

The malware, dubbed “Typeframe”, is thought to be related to other attacks previously attributed to the Hidden Cobra hacking gang (also sometimes called “Lazarus” or “Guardians of the Peace”).

The hacking group has become notorious for its use of Remote Access Trojans (RATs), DDoS botnet attacks, keylogging spyware, and data-wiping malware in attacks against foreign companies.

Most recently, Chile’s second largest bank has confirmed that in late May it suffered a serious malware attack that breached its systems and disrupted its services.

That attack saw attackers use Hidden Cobra’s disk-wiping malware to distract attention, while some US $10 million was stolen via the SWIFT money transferring system.

If the attack was indeed the work of North Korea, it would be the latest in a long series of attacks on SWIFT which have allegedly stolen hundreds of millions of dollars for the pariah state.

And in the past, the US Government has even blamed Hidden Cobra for the notorious WannaCry ransomware attack, a claim which North Korea predictably denied.

In its latest report, the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) does not share details of how many computers may have been infected by Typeframe, or what industries may have been targeted.

However, it does share a technical analysis of 11 malware samples (Windows executable files, and a Microsoft Word document) that attempt to download and install spyware, connect to command and control servers, and meddle with victims’ firewalls to allow incoming connections.

All of the malware samples appear to have been compiled before the Singapore security summit was announced.

To better defend against the Typeframe attacks, organisations are being urged by US-CERT to look for indications of compromise – detailed within the report – by reviewing network logs for IP addresses, and using a variety of network signatures and host-based rules.
