As North Korea’s government prepares for a possible summit with US President Donald Trump later this month, hackers working on behalf of the isolated country have continued a volley of network intrusions that target media, aerospace, financial, and critical-infrastructure companies in the US, South Korea, and other nations, researchers in private industry and the federal government said this week.
On Tuesday, the US Department of Homeland Security and the FBI identified two pieces of malware North Korea is actively using against multiple organizations throughout the world, including in the US. The malware, according to a joint technical alert the two agencies published, is being used by participants in Hidden Cobra, which is the name US intelligence officials have given to North Korea’s hacking operation. Tuesday’s alert said the malware has likely been in use since at least 2009.
The first piece of malware is a fully functional remote-access trojan called Joanap. It typically infects computers as a payload that is delivered by another piece of Hidden Cobra malware, and targets unknowingly download it when they visit a compromised website. The two-stage RAT lets its remote operators steal data, install new programs, and act as a proxy for Internet traffic to disguise attacks on new targets.
Read 5 remaining paragraphs | Comments
