Three years have passed since the WannaCry ransomware epidemic, which hit companies and organizations around the world, and the information security landscape has changed for good. Let me remind you that researchers and authorities unanimously blamed the incident on North Korean hackers, and the US government even charged a specific suspect in absentia.
This week, to mark the anniversary, specialists from the FBI, the US Department of Defense and the DHS Cybersecurity and Infrastructure Security Agency (CISA) disclosed three new malware families attributed to the North Korean hacking group Lazarus, also known as Hidden Cobra. The new malware was not only described in a report; samples were also uploaded to VirusTotal.
Let me remind you that the US authorities have been publishing information about North Korean malware since 2017, and to date 28 different threats have been disclosed. The idea behind this initiative is to make information about the malware public and accessible. The public and private sectors can then more easily detect and block attacks that use the described malware, which complicates life for North Korean hackers by forcing them to keep developing new versions of their tools, exploits and malware.
This week the following threats were made public:
COPPERHEDGE - a remote access Trojan (RAT) that can run arbitrary commands, perform reconnaissance and steal data. Six different variants were discovered.
TAINTEDSCRIBE - a malicious implant (trojan) installed on compromised systems to receive and execute commands. It uses FakeTLS for session authentication and a Linear Feedback Shift Register (LFSR) algorithm for encryption. The main executable is disguised as Microsoft's Narrator.
PEBBLEDASH - another implant that can download, upload, delete and execute files, open a Windows command-line interface, create and terminate processes, and so on.
Kaspersky Lab expert Costin Raiu writes that all three malware families are indeed linked to well-known North Korean hacking groups. According to him, the code of the published samples is similar to the Manuscrypt malware, which Kaspersky Lab discovered in 2017 and which was used to attack cryptocurrency exchanges.
Code similarity reports from the Kaspersky Malware Attribution Engine for the newly-uploaded samples from @CNMF_VirusAlert pic.twitter.com/7FpBye3dSn
- Costin Raiu (@craiu) May 12, 2020