The Silicon Review Asia

The U.S. Government Issues Alert over Two New Malware Related To Hidden Cobra

The FBI and DHS have recently released a technical alert warning about two newly discovered pieces of malware that the North Korean hacking group Hidden Cobra is using to remotely penetrate systems and steal sensitive data and credentials.

The U.S. government has code-named the two pieces of malware used by the notorious hacking group Joanap, a Remote Access Trojan (RAT), and Brambul, a Server Message Block (SMB) worm.

Also known as Lazarus Group and Guardians of Peace, Hidden Cobra is believed to be backed by the North Korean government. According to the U.S. government, the Hidden Cobra hackers, known for launching attacks mostly against media organizations and the aerospace, financial and critical infrastructure sectors across the world, have been using the two new pieces of malware since at least 2009.

This infamous hacking group has even been associated with the nasty WannaCry ransomware attack that last year shut down hospitals and businesses and created havoc across the globe. That's not all! Hidden Cobra is also associated with the 2014 Sony Pictures hack, as well as the 2016 SWIFT Banking attack.

Joanap

According to US-CERT, Joanap is a two-stage malware that establishes peer-to-peer communications, allowing the hackers to remotely execute commands and compromise Windows devices.

Joanap can compromise a system as a file dropped by other malware, either when that malware is downloaded from compromised sites or when someone opens a malicious email attachment. According to an analysis of the Joanap infrastructure, the malware has been found on 87 compromised network nodes in 17 countries, including Brazil, China, Spain, Taiwan, Sweden, India, and Iran.

Brambul

Brambul is a brute-force authentication worm that abuses the Server Message Block (SMB) protocol and spreads itself to other systems.

Brambul is a malicious 32-bit Windows SMB worm that spreads through SMB shares. It is a dynamic link library file often dropped and installed onto victims' networks by dropper malware. Once Brambul succeeds in gaining access to a system, it sends information about the victim's system to the Hidden Cobra hackers by email. The information includes the IP address and hostname as well as the credentials of each victim's system.
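The brute-force-and-spread behaviour described above leaves a recognisable trail of failed network logons. The following is an added detection sketch, not code from the alert or from this article. It assumes failed-logon records (Windows Event ID 4625, logon type 3) have already been exported as tuples of timestamp, source IP, target host and account; the sample records, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed failed-logon records: (timestamp, source, target, account)."""
    t0 = datetime(2018, 6, 1, 10, 0, 0)
    events = []
    # Worm-like host: 4 guesses against each of 4 servers within 150 seconds.
    for i in range(16):
        events.append((t0 + timedelta(seconds=10 * i), "10.0.0.5",
                       f"SRV{i % 4:02d}", "Administrator"))
    # Stale service-account password: many failures, but a single target.
    for i in range(12):
        events.append((t0 + timedelta(seconds=20 * i), "10.0.0.7",
                       "SRV01", "svc_backup"))
    # Ordinary user typo: two failures on one host.
    for i in range(2):
        events.append((t0 + timedelta(seconds=30 * i), "10.0.0.9",
                       "SRV02", "alice"))
    return events

def find_spreading_bruteforce(events, window=timedelta(minutes=5),
                              min_failures=10, min_targets=3):
    """Return {source: (failures, distinct_targets)} for sources whose failed
    logons hit many hosts inside one sliding time window."""
    by_source = defaultdict(list)
    for ts, src, target, _account in events:
        by_source[src].append((ts, target))
    flagged = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans no more than `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            targets = {t for _, t in in_window}
            if len(in_window) >= min_failures and len(targets) >= min_targets:
                # Keep the densest qualifying window seen for this source.
                if len(in_window) > flagged.get(src, (0, 0))[0]:
                    flagged[src] = (len(in_window), len(targets))
    return flagged

if __name__ == "__main__":
    for src, (fails, hosts) in find_spreading_bruteforce(build_sample_events()).items():
        print(f"{src}: {fails} failed network logons across {hosts} hosts")
```

Requiring several distinct targets is what separates a spreading worm from a single misconfigured service account, which fails often but against one host only.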
