Even as Kim Jong Un became the first North Korean leader to step into South Korea, his generals continue to oversee teams of increasingly advanced hackers who are actively targeting the financial, health, and entertainment industries in the US and more than a dozen other countries. The so-called GhostSecret data reconnaissance campaign, exposed Tuesday by security firm McAfee, remains ongoing. It is deploying a series of previously unidentified tools designed to stealthily infect targets and gather data, or possibly to repeat the same type of highly destructive attacks visited upon Sony Pictures in 2014.
Last month, McAfee reported finding Bankshot, a remote-access trojan attributed to Hidden Cobra—a so-called advanced persistent threat group tied to North Korea—infecting Turkish banks. In this week’s report, the security firm said the same malware was infecting organizations all over the world. McAfee researchers also found never-before-seen malware infecting the same organizations. One tool shared many of Bankshot’s capabilities, including the ability to compromise computers that connect to the SWIFT banking network and to permanently wipe data from infected machines. The tool also carried digital fingerprints found in Destover, the name given to the malware used in the Sony Pictures intrusion.
Server seizure, listening malware
Coinciding with the McAfee discovery, according to a ThaiCERT advisory published Wednesday, Thailand officials seized a server inside the Thammasat University in Bangkok that was being used to communicate with computers infected in the GhostSecret campaign. The server used the same IP address range that was used in the Sony Pictures hack. Thai officials are in the process of analyzing the server now.