The tool, known as a remote access trojan, has been used by North Korean hackers in previous cyberattacks on Turkish banks and other victims, stealing passwords and other data. The successful installation was a red flag, researchers said, that North Korea made it further into the Israeli networks than officials let on.
Full Answer
Is North Korea hacking South Korea with rokrat Trojan?
A North Korean hacking group is utilizing the RokRat Trojan in a fresh wave of campaigns against the South Korean government.
What is the North Korean rat Trojan?
The trojan was attributed by the two agencies to the North Korean government-sponsored hacking group tracked as HIDDEN COBRA (aka Lazarus Group and APT38). According to the agencies' analysis, the RAT comes with "built-in functions for remote operations that provide various capabilities on a victim’s system."
What kind of malware does North Korea use?
A remote access tool, commonly known as Joanap; and Server Message Block worm, commonly known as Brambul. DHS and FBI identified a Trojan malware variant—referred to as SHARPKNOT—used by the North Korean government. SHARPKNOT is a 32-bit Windows executable file.
Why did North Korea’s threat group target government contractors?
A threat group with a nexus to North Korea targeted government contractors early this year to gather intelligence surrounding key military and energy technologies. CISA, FBI, and DoD identified three malware variants used by the North Korean government.
What is Rokrat malware?
In the past, the malware has been used in phishing campaigns that lure victims through emails containing attachments with a political theme -- such as Korean unification and North Korean human rights. RokRat is believed to be the handiwork of APT37, also known as ScarCruft, Reaper, and Group123.
What is a rokrat?
RokRat is a malware variant that will also attempt to maintain stealth by checking for sandboxes and for the presence of VMWare, scan for debugging software, and analyzes DLLs related to Microsoft and iDefense.
North Korean Malicious Cyber Activity
The information contained in the Alerts, Advisories, and MARs listed below is the result of analytic efforts between CISA, FBI, the U.S. Departments of Homeland Security (DHS), Defense (DoD), and Treasury; and U.S. Cyber Command; to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government.
Report Activity Related to This Threat
CISA encourages all organizations to urgently report any additional information related to this threat. Users and administrators should flag associated activity, report the activity to CISA (see below) or FBI Cyber Watch (CyWatch)
Mitigate and Detect this Threat
CISA recommends users and administrators review the publications in the North Korean Malicious Cyber Activity section as well as the following resources for descriptions of tactics and techniques associated with this threat and recommended mitigations and detections. Note: unless specifically stated, neither CISA nor the U.S.
Respond to an Incident
CISA recommends users and administrators consult the Joint Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, which details technical approaches to uncovering malicious activity and includes mitigation steps according to best practices.
Who is the trojan attributed to?
The trojan was attributed by the two agencies to the North Korean government-sponsored hacking group tracked as HIDDEN COBRA (aka Lazarus Group and APT38).
How much is the reward for DPRK hacking?
In April 2020, the U.S. government offered a reward of up to $5 million for information on DPRK hackers' cyber activity, including past or ongoing operations, that leads to the disruption of DPRK-related illegal activities or to the identification or location of North Korean actors.
What malware was used in May?
Three more North Korean malware variants were exposed in May, including a remote access tool known as COPPERHEDGE and used in attacks against cryptocurrency exchanges, and two trojans known as TAINTEDSCRIBE and PEBBLEDASH.
What is RAT malware?
U.S. government agencies today published a malware analysis report exposing information on a remote access trojan (RAT) malware used by North Korean hackers in attacks targeting government contractors. The malware was identified by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ...
What is the malware from North Korea?
New malware from North Korea named BLINDINGCAN has been targeting defense and aerospace sectors, says a CISA report. Defense contractors of companies operating in these sectors are being sent fake job postings to hack into company networks.
What is the new strain of malware?
The US Cybersecurity and Infrastructure Security Agency (CISA) has named a new North Korean malware strain, BLINDINGCAN. This malware has also been called DRATzarus in a report by ClearSky, a UK cyber security firm. The new strain was discovered by agents of the FBI and CISA who were jointly analyzing malware attacks. Their findings have been detailed in the Malware Analysis Report published by CISA.
What is the Hidden Cobra?
Hidden Cobra is one of the foremost hacking groups from North Korea and one of four worldwide major government backed threat actors. The others coming from China, Russia and Iran.
