U.S. claims North Korea has been silently infiltrating networks since 2009

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) claim North Korea is silently infiltrating the media, aerospace, financial, and critical infrastructure sectors both in and out of the United States using two known families of malware. They believe the attack has been underway since at least 2009 and is being conducted by a state-sponsored hacker group dubbed Hidden Cobra.

In a joint Technical Alert issued on Wednesday, the DHS and FBI claim that Hidden Cobra is using two pieces of malware in its campaign: a remote access tool called Joanap and a Server Message Block (SMB) worm named Brambul. The goal is to infiltrate networks, maintain a presence undetected, and send all collected information back to the hacker group.

“FBI has high confidence that Hidden Cobra actors are using the IP addresses — listed in this report’s IOC files — to maintain a presence on victims’ networks and enable network exploitation. DHS and FBI are distributing these IP addresses and other IOCs to enable network defense and reduce exposure to any North Korean government malicious cyber activity,” the report states. 

Joanap is typically the payload of another piece of malware obtained through a compromised website or a malicious email attachment. It can establish a peer-to-peer network to create a botnet and accept commands from the hacker group.

Outside the botnet aspect, Joanap is capable of file management on a compromised Windows device, process management, the creation and deletion of directories, and node management. The Technical Alert says once Joanap infects a PC, it creates a file to capture and store information such as the host IP address, the hostname, and the current system time. 

According to the report, an analysis of the infrastructure used by Joanap identified 87 compromised network nodes in 17 countries including Brazil, China, Egypt, Iran, Saudi Arabia, Sweden, and Taiwan.

Meanwhile, Brambul is a worm serving as a “dropper” malware payload obtained through compromised sites and infected files. Once executed, it will scan the local network for additional PCs and attempt to gain unauthorized access through the file-sharing feature built into Windows. This is done through brute-force password attacks using a list of embedded passwords.

If successful, Brambul will contact Hidden Cobra and relay the IP address, hostname, username, and password of each infiltrated PC. The hacker group can then remotely access the compromised PCs via the Windows file-sharing protocol (SMB) to harvest information, infect other PCs on the network, and more. 
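For defenders, the behaviour described above shows up in authentication logs as one internal host failing SMB logons against several peers in a short window. The following is an added example, not part of the alert or this article; the log format, thresholds, and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed SMB logon records: time, source, destination, outcome.
# The format and every address are assumptions made for this example.
SAMPLE_EVENTS = """\
2024-01-15T10:00:01 10.0.0.23 10.0.0.5 FAIL
2024-01-15T10:00:02 10.0.0.23 10.0.0.5 FAIL
2024-01-15T10:00:03 10.0.0.23 10.0.0.6 FAIL
2024-01-15T10:00:04 10.0.0.23 10.0.0.6 FAIL
2024-01-15T10:00:05 10.0.0.23 10.0.0.7 FAIL
2024-01-15T10:00:06 10.0.0.23 10.0.0.7 FAIL
2024-01-15T10:00:07 10.0.0.23 10.0.0.7 OK
2024-01-15T10:00:10 10.0.0.40 10.0.0.5 FAIL
2024-01-15T10:00:20 10.0.0.40 10.0.0.5 FAIL
2024-01-15T10:00:30 10.0.0.40 10.0.0.5 OK
2024-01-15T10:05:00 10.0.0.23 10.0.0.8 FAIL
"""


def parse_events(text):
    """Yield (time, source, destination, outcome) tuples from log text."""
    for line in text.strip().splitlines():
        ts, src, dst, outcome = line.split()
        yield datetime.fromisoformat(ts), src, dst, outcome


def find_smb_bruteforce_sources(events, window=timedelta(seconds=60),
                                min_hosts=3, min_failures=6):
    """Return {source: (distinct hosts, failures)} at the peak of each
    source's worst window. A single user mistyping a password fails against
    one host; a worm guessing passwords fails against many."""
    recent = defaultdict(deque)  # source -> failures still inside the window
    flagged = {}
    for ts, src, dst, outcome in sorted(events):
        if outcome != "FAIL":
            continue
        failures = recent[src]
        failures.append((ts, dst))
        while ts - failures[0][0] > window:  # drop failures older than window
            failures.popleft()
        hosts = {d for _, d in failures}
        if len(hosts) >= min_hosts and len(failures) >= min_failures:
            peak = (len(hosts), len(failures))
            flagged[src] = max(flagged.get(src, peak), peak)
    return flagged


if __name__ == "__main__":
    print(find_smb_bruteforce_sources(parse_events(SAMPLE_EVENTS)))
```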

While both pieces of malware can be troublesome for the mainstream web surfer, they could devastate corporations by obtaining proprietary and/or sensitive information, disrupting regular operations, and harming their reputation. The financial losses due to eradicating the malware can be costly as well.

“DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware,” the report states. 

A downloadable copy of the indicators of compromise is available in CSV and STIX formats.
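The check the report recommends, comparing the published IOC addresses against an organization's allocated IP space, can be scripted as follows. This is an added example, not code from the alert or this article; the CSV column name `ip_address`, the sample rows, and the allocated ranges are constructed assumptions using documentation address ranges.

```python
import csv
import io
import ipaddress

# Constructed stand-in for the alert's IOC CSV. The column name "ip_address"
# and every value are assumptions (RFC 5737 documentation ranges).
SAMPLE_IOC_CSV = """ip_address,note
192.0.2.15,constructed
198.51.100[.]77,constructed defanged entry
203.0.113.200,constructed
not-an-ip,constructed malformed row
192.0.2.15,constructed duplicate
"""

# Hypothetical address allocation for the example organization.
ORG_ALLOCATED = ["192.0.2.0/24", "198.51.100.64/26"]


def load_ioc_ips(csv_text, column="ip_address"):
    """Return (set of valid addresses, list of rejected raw strings)."""
    valid, rejected = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get(column) or "").strip()
        # Undo common defanging such as 198.51.100[.]77 before parsing.
        cleaned = raw.replace("[.]", ".").replace("(.)", ".")
        try:
            valid.add(ipaddress.ip_address(cleaned))
        except ValueError:
            rejected.append(raw)  # keep for manual review, never drop silently
    return valid, rejected


def iocs_in_allocated_space(ioc_ips, allocated_cidrs):
    """Map each allocated network to the IOC addresses that fall inside it."""
    networks = [ipaddress.ip_network(c, strict=True) for c in allocated_cidrs]
    hits = {}
    for ip in sorted(ioc_ips, key=lambda a: (a.version, int(a))):
        for net in networks:
            if ip.version == net.version and ip in net:
                hits.setdefault(str(net), []).append(str(ip))
    return hits


if __name__ == "__main__":
    ips, bad = load_ioc_ips(SAMPLE_IOC_CSV)
    for net, matched in iocs_in_allocated_space(ips, ORG_ALLOCATED).items():
        print(f"{net}: {', '.join(matched)}")
    print("rejected rows:", bad)
```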

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…