
U.S. claims North Korea has been silently infiltrating networks since 2009

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) claim North Korea is silently infiltrating the media, aerospace, financial, and critical infrastructure sectors both in and out of the United States using two known families of malware. They believe the campaign has been underway since at least 2009 and is conducted by a state-sponsored hacker group dubbed Hidden Cobra.

In a joint Technical Alert issued on Wednesday, the DHS and FBI claim that Hidden Cobra is using two pieces of malware in its campaign: a remote access tool called Joanap and a Server Message Block (SMB) worm named Brambul. The goal is to infiltrate networks, maintain a presence undetected, and send all collected information back to the hacker group.

“FBI has high confidence that Hidden Cobra actors are using the IP addresses — listed in this report’s IOC files — to maintain a presence on victims’ networks and enable network exploitation. DHS and FBI are distributing these IP addresses and other IOCs to enable network defense and reduce exposure to any North Korean government malicious cyber activity,” the report states. 

Joanap is typically the payload of another malware obtained through a compromised website or a malicious email attachment. It can establish a peer-to-peer network to create a botnet and accept commands from the hacker group. 

Outside the botnet aspect, Joanap is capable of file management on a compromised Windows device, process management, the creation and deletion of directories, and node management. The Technical Alert says once Joanap infects a PC, it creates a file to capture and store information such as the host IP address, the hostname, and the current system time. 

According to the report, an analysis of the infrastructure used by Joanap identified 87 compromised network nodes in 17 countries including Brazil, China, Egypt, Iran, Saudi Arabia, Sweden, and Taiwan.

Meanwhile, Brambul is a worm delivered as a “dropper” malware payload obtained through compromised sites and infected files. Once executed, it scans the local network for additional PCs and attempts to gain unauthorized access through the file-sharing feature built into Windows. This is done through brute-force password attacks using a list of embedded passwords.

If successful, Brambul will contact Hidden Cobra and relay the IP address, hostname, username, and password of each infiltrated PC. The hacker group can then remotely access the compromised PCs via the Windows file-sharing protocol (SMB) to harvest information, infect other PCs on the network, and more. 
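The behavior described above (one machine failing SMB logons against many neighbors in a short time) is something defenders can look for in authentication logs. The following is an added example, not code from the Technical Alert or the article; the log format, thresholds, and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: time, source, target, account, outcome of an SMB logon.
SAMPLE_EVENTS = """\
2024-01-01T10:00:01 10.0.5.17 10.0.5.20 administrator FAIL
2024-01-01T10:00:02 10.0.5.17 10.0.5.21 administrator FAIL
2024-01-01T10:00:03 10.0.5.17 10.0.5.22 administrator FAIL
2024-01-01T10:00:04 10.0.5.17 10.0.5.22 administrator FAIL
2024-01-01T10:00:05 10.0.5.17 10.0.5.23 administrator FAIL
2024-01-01T10:00:06 10.0.5.17 10.0.5.23 administrator OK
2024-01-01T10:03:00 10.0.5.40 10.0.5.20 jsmith FAIL
2024-01-01T10:03:20 10.0.5.40 10.0.5.20 jsmith OK
"""


def detect_smb_sweeps(log_text, min_targets=3, window=timedelta(minutes=5)):
    """Flag sources whose failed SMB logons hit >= min_targets hosts within window."""
    fails = defaultdict(list)     # source -> [(time, target)]
    successes = defaultdict(set)  # source -> targets it logged on to successfully
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, dst, _account, outcome = parts
        if outcome == "FAIL":
            fails[src].append((datetime.fromisoformat(ts), dst))
        elif outcome == "OK":
            successes[src].add(dst)

    findings = {}
    for src, events in fails.items():
        events.sort()
        best, start = set(), 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= min_targets:
            findings[src] = {
                "targets": sorted(best),
                # Swept hosts the source also logged on to: likely guessed passwords.
                "guessed": sorted(best & successes[src]),
            }
    return findings
```

A single user mistyping a password against one server (10.0.5.40 in the sample) stays below the threshold, while the host sweeping four neighbors is flagged along with the machine where a guess succeeded.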

While both malware families can be troublesome for the mainstream web surfer, they could devastate corporations by obtaining proprietary and/or sensitive information, disrupting regular operations, and harming their reputation. The financial losses due to eradicating the malware can be costly as well.

“DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware,” the report states. 

A downloadable copy of the indicators of compromise is available in CSV and STIX formats.
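The check the report recommends, comparing the published IP addresses against an organization's allocated address space, can be scripted. This is an added example, not part of the alert or the article; the CSV column names, the sample indicators, and the organization's ranges are constructed placeholders (documentation address ranges), since the real IOC file layout is not shown here.

```python
import csv
import io
import ipaddress

# Constructed sample; the real IOC file's column layout is an assumption.
SAMPLE_IOC_CSV = """indicator_type,value
ipv4,198.51.100.23
ipv4,203.0.113.77
ipv4,192.0.2.200
ipv4,not-an-ip
ipv6,2001:db8:10::5
"""

# Hypothetical address space allocated to the organization.
ORG_NETWORKS = ["198.51.100.0/24", "192.0.2.128/25", "2001:db8:10::/48"]


def load_ioc_ips(csv_text, column="value"):
    """Return (valid_addresses, rejected_strings) parsed from the IOC CSV."""
    valid, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get(column) or "").strip()
        if not raw:
            continue
        try:
            valid.append(ipaddress.ip_address(raw))
        except ValueError:
            rejected.append(raw)  # keep for review instead of silently dropping
    return valid, rejected


def match_allocated_space(ioc_ips, org_cidrs):
    """Map each IOC address inside the org's space to its containing network."""
    networks = [ipaddress.ip_network(c, strict=True) for c in org_cidrs]
    hits = {}
    for ip in ioc_ips:
        for net in networks:
            if ip.version == net.version and ip in net:
                hits[str(ip)] = str(net)
                break
    return hits


if __name__ == "__main__":
    ips, bad = load_ioc_ips(SAMPLE_IOC_CSV)
    for ip, net in match_allocated_space(ips, ORG_NETWORKS).items():
        print(f"IOC {ip} is inside allocated range {net}: investigate this host")
    if bad:
        print(f"Skipped {len(bad)} unparseable entries: {bad}")
```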

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…