US Cyber Command, DHS, and FBI expose new North Korean malware
US Cyber Command, the Department of Homeland Security, and the Federal Bureau of Investigation have today exposed a new North Korean hacking operation.
Authorities have published security advisories detailing six new malware families that are currently being used by North Korean hackers.
According to the Twitter account of the Cyber National Mission Force (CNMF), a subordinate unit of US Cyber Command, the malware is being distributed via a North Korean phishing campaign.
US Cyber Command believes the malware is used to give North Korean hackers remote access to infected systems in order to steal funds that are later transferred back to North Korea, as a way to evade economic sanctions.
The North Korean government has a long history of using hackers to steal funds from banks and cryptocurrency exchanges in order to evade economic sanctions and raise funds for its nuclear weapons and missile programs.
In September 2019, the US Department of the Treasury imposed sanctions on the Pyongyang regime.
Six new North Korean malware families
Along with the Twitter alert sent by US Cyber Command, the DHS' Cybersecurity and Infrastructure Security Agency (CISA) has also published today detailed reports on its website.
The reports provide an in-depth analysis of the six new malware samples US authorities have recently been tracking. They are:
- - described as "a full-featured RAT"
- - described as a malware dropper (loader)
- - described as a "32-bit Windows executable, which is designed to unpack and execute a Remote Access Trojan (RAT) binary in memory."
- - described as a "a full-featured beaconing implant" used for "conducting system surveys, file upload/download, process and command execution, and performing screen captures."
- - described as "an implant that performs downloading and in-memory loading and execution of a DLL from a hardcoded URL."
- - described as "a full-featured beaconing implant" that can "download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration."
A seventh report updates information on HOPLIGHT, a proxy-based backdoor trojan the DHS and FBI have documented before.
CISA attributes malware to Lazarus Group
CISA attributed the malware to a North Korean government-backed hacking group known as HIDDEN COBRA.
This group, also known as the Lazarus Group, is North Korea's largest and most active hacking division.
The group has previously been named for its involvement in several security incidents, including the 2014 Sony hack, the attack on the Bangladesh Bank in 2016, and the WannaCry ransomware outbreak in May 2017.
In a screenshot shared with ZDNet, a member of Kaspersky GReAT, Kaspersky's elite hacker-hunting unit, pointed out that the malware samples also share code with other North Korean malware strains used in past operations -- effectively confirming the CISA/FBI/Cyber Command attribution.
Continuing naming-and-shaming approach
Today's revelations mark just another step in the US government's new approach to handling foreign cyber-security operations conducted against US targets.
While in previous years the US government avoided saying anything about attacks against government entities and the private sector, it has recently adopted a "name-and-shame" approach.
Previously, this consisted of security alerts on the DHS/CISA websites and legal cases filed by the Department of Justice, but it has recently expanded to Treasury Department sanctions and White House press releases calling out foreign-orchestrated cyber-attacks.
In November 2018, the name-and-shame approach also added a new tactic when US Cyber Command began uploading "unclassified malware samples" to VirusTotal, and announced uploads via a Twitter account.
Initial samples were linked to other hacking groups.
Subsequently, US Cyber Command also began uploading malware samples related to North Korean hacking activity, on three occasions in 2019.
However, in none of the previous cases did US Cyber Command attribute any malware samples to a state actor, leaving attribution to experts from private cyber-security firms.
As Cyberscoop pointed out today, this is the first time that US Cyber Command has itself publicly linked one of these malware samples to a nation-state actor, rather than relying on the private sector.
Private sector urged to action
Beyond attribution, though, the purpose of today's security advisories was to raise awareness of ongoing North Korean hacking campaigns.
The six+one CISA security advisories include indicators of compromise (IOCs) and YARA rules to help companies and government organizations search internal networks for any signs of North Korean malware.
According to Cyberscoop, US officials had also sent private security alerts to the US private sector before today's public disclosure, urging companies to look into the current threat.
The scale of the current North Korean attacks against US targets is unknown, but judging by the three similar exposés from last year, North Korean attacks are believed to be arriving in a constant wave.
Today's reports are not CISA's first on North Korean malware. The agency previously released reports on WannaCry, DeltaCharlie (two reports), Volgmer, FALLCHILL, BANKSHOT, BADCALL, HARDRAIN, SHARPKNOT, an unnamed remote access trojan/worm, Joanap and Brambul, TYPEFRAME, KEYMARBLE, FASTCash (two reports), and the older HOPLIGHT report.
In January 2019, the DOJ, FBI, and US Air Force also intervened to take down the Joanap botnet, believed to have been built by North Korean hackers to aid in their operations and to serve as a network of proxies to disguise the origin of their attacks.