FBI warns over fresh malware from North Korea
The FBI and Cybersecurity Infrastructure Security Agency (CISA) have released new information on North Korean malware in the form of six new and updated Malware Analysis Reports (MARs).
The US agencies released these MARs in order to provide organizations with detailed malware analysis information which was acquired by manually reverse engineering malware samples. At the same time, the reports were also issued to help network defenders detect and reduce exposure to malicious activity by the North Korean government which the US government refers to as HIDDEN COBRA.
The CISA recommends that all users and administrators carefully review the seven MARs in a blog post, saying:
“Each MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to CISA or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.”
North Korean malware
In addition to releasing new MARs, US Cyber Command also uploaded malware samples to VirusTotal and in a tweet, said: “this malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions”.
The reports released by CISA provide detailed analysis of six new malware samples that are currently being tracked by US authorities under the names Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie and Buffetline.
While some of these are Remote Access Trojans (RAT) and malware droppers, others are described as full-featured beaconing implants used to download, upload, delete and execute files.
CISA and other US government agencies attribute the malware to a North Korean government backed hacking group known as HIDDEN COBRA but the group is also known as the Lazarus Group and it is North Korea’s largest and most active hacking division.
Via BleepingComputer
The FBI and Cybersecurity Infrastructure Security Agency (CISA) have released new information on North Korean malware in the form of six new and updated Malware Analysis Reports (MARs). The US agencies released these MARs in order to provide organizations with detailed malware analysis information which was acquired by manually reverse…
Recent Posts
- Quordle today – hints and answers for Monday, March 25 (game #791)
- The best deal from Amazon’s Big Spring Sale is a free 65-inch 4K TV from Samsung
- 1200TB SSD modules are in the pipeline thanks to Pure Storage — but you definitely won’t be able to plug one in your workstation PC and it will be shockingly expensive
- The iPhone 16 could come with extra RAM and storage – just for AI
- ‘Spirited Away’ returns to theaters in April for Studio Ghibli Fest 2024
Archives
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011