
Feds Call Out North Korean Hacking Campaigns

2020-05-12 by Max

HIDDEN COBRA North Korean Hackers

DHS, FBI, and DoD Issue Joint Report on Malware in Use by the North Korean Government

The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) jointly issued updates on three Malware Analysis Reports (MARs). The three malware variants are in use by the Democratic People’s Republic of Korea (DPRK, also known as North Korea). They include two Trojans (TAINTEDSCRIBE and PEBBLEDASH) and one Remote Access Tool (COPPERHEDGE).

North Korea uses its malware to maintain a presence on victim networks for current and further network exploitation.


HIDDEN COBRA is an Advanced Persistent Threat (APT 38) group that carries out malicious cyber activity at the behest of the North Korean government. HIDDEN COBRA is known for using DDoS botnets, keyloggers, ransomware, remote access tools (RATs), and wiper malware. The APT group conducts espionage to gather valuable information and spy on other nations. The hackers also focus on hacking financial institutions to steal money to fund other operations for North Korea. Commercial cyber security researchers refer to HIDDEN COBRA as Lazarus Group and Guardians of Peace.

Lazarus Group was implicated in a new malware variant, the Dacls Remote Access Trojan (RAT), that attacks computers running macOS. Remote Access Trojans, or RAT malware, are a type of malicious computer code that can remotely control an infected computer. RAT malware is used to read, edit, or delete files, gather system information, mine cryptocurrencies, download more malware, and steal sensitive information.

Malware Analysis Report (1028834-1.v1) – North Korean Remote Access Tool: COPPERHEDGE

Malware Analysis Report (AR20-133A) reports that the RAT malware COPPERHEDGE targets cryptocurrency exchanges. This RAT malware can run commands, perform system reconnaissance, and exfiltrate data.

Malware Analysis Report (1028834-2.v1) – North Korean Trojan: TAINTEDSCRIBE

Malware Analysis Report (AR20-133B) covers the Trojan TAINTEDSCRIBE. This malware disguises itself as Microsoft’s Narrator. TAINTEDSCRIBE downloads a command execution module from a command and control server and can download, upload, delete, and execute files. It can also create and terminate processes and perform target system enumeration.

Malware Analysis Report (1028834-3.v1) – North Korean Trojan: PEBBLEDASH

Malware Analysis Report (AR20-133C) for PEBBLEDASH indicates that it is a full-featured beaconing implant with capabilities similar to those of TAINTEDSCRIBE.

North Korea Hackers

HIDDEN COBRA is also associated with the ELECTRICFISH, HOPLIGHT, CROWDEDFLOUNDER, HOTCROISSANT, and BANKSHOT malware, as well as others. HIDDEN COBRA, aka Lazarus Group, is the hacking group responsible for the 2017 WannaCry ransomware attack. WannaCry infected over 200,000 computers globally. The entire UK’s National Health System (NHS) was crippled by the attack. The code was stolen from an arsenal of hacking tools developed by the US APT group, Equation Group.

How to Protect Your Devices from Malware

System administrators should report malware attacks to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch).

• Configure available firewalls to block attacks
• Maintain up-to-date antivirus software on all devices
• Keep device operating systems patched with the latest updates
• Maintain all software and apps with security patches
• Require two-factor authentication (2FA) to secure devices and software
• Only grant user accounts the access level necessary to complete tasks

Filed Under: News Tagged With: Lazarus, North Korea

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.