
US warns of another malware from North Korea

Image by Robinraj Premchand / Pixabay

North Korea is allegedly conducting another malware operation, according to the Malware Analysis Report released by the United States Department of Homeland Security’s Computer Emergency Response Team (US-CERT). The malware, called Typeframe, is said to originate from the hermit country’s hacking team, Hidden Cobra.

The malware is said to use Trojan variants, a deceitful type of malware that poses as legitimate software and attacks computers and computer systems.

Authorities have warned companies to guard their systems and report any suspicious or malicious software lurking within their networks.

“This MAR includes malware descriptions related to Hidden Cobra, suggested response actions and recommended mitigation techniques,” the advisory says. “Users and administrators should flag activity associated with the malware, report the activity to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.”

“This malware report contains analysis of 11 malware samples consisting of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros,” the advisory states. “These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim’s firewall to allow incoming connections.”

Hidden Cobra seems to have been hard at work lately, especially in the days prior to the summit between US President Donald Trump and North Korea’s Kim Jong Un.

It is also the group that was reported to have attacked the aerospace, financial and media sectors in June 2017. Before the Typeframe advisory, US-CERT sent out an alert on the Brambul and Joanap malware strains in May.

The WannaCry ransomware attack in 2017 as well as the hacking of Sony Pictures in 2014 have both been attributed to the Hidden Cobra group.
