Hackers from North Korea: Exposed by U.S. Government on malware and phishing activities

May 22, 2020
north korea hackers malware phishing activities

Multi Approach Attack?

Cybercrime experts in the United States, such as the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) recently released their Malware Analysis Report. The report includes three newly discovered programs that were used by North Korea (NoKor) for their malicious scheming.

The U.S groups running their website scanning security protocols, they were able to root these malware trojans and able to link it to the NoKor government-supported hackers – Hidden Cobra.

The NoKor government is now favoring this Hidden Cobra group after its previous in-house hackers have been caught and sanctioned (Lazarus, Bluenoroff, and Andariel) in September 2019. The apprehended group was responsible for the $571 Million heists of specific cryptocurrency back in 2017 and 2018.

Three new programs were added to the rolling list of attacks that have been used by the perpetrators in executing their mischief around the globe, especially in the United States. In the list are:

COPPERHEDGE – malware used for data observation and specializes in compromising cryptocurrency transactions

TAINTEDSCRIBE – can run command and control (C2C) to the compromised system, used for system infiltration and data manipulation.

PEBBLEDASH – program that the group uses typically, which specializes in data gathering and manipulation.

Other reported programs that were used around mid-February this year were Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie, Buffetline, Electricfish, and Hoplight.

The programs mentioned above are from the Malware Analysis Reports that have been submitted recently by the cybercrime experts. They are known publicly to mitigate issues that may arise because of this backdoor offensive attack from the NoKor government.


What will the U.S. Government Do?

The U.S. government has announced that it is prepared to give a reward of up to US$5 Million for any intel that can help them locate the Hidden Cobra group. It includes their previous and ongoing schemes to stop their illegal activities permanently.

Aside from the reward, they have also provided instructions that must include codes and routines in any organization’s malware detection procedures. The instructions were written using the Snort Rule code, in which Cyber Security people can manually do different ways of performing malware detection and keep up with the various strategies of a brute force attack.

In the end, they encouraged owners and system administrators to be more vigilant and invest in strengthening their stance against any malicious actors, especially those from North Korea, which are seemingly persistent with their illegal activities, as shown in the reports.

About the author

Leave a Reply