The Silicon Review
01 June, 2018
The FBI and DHS have recently released a technical alert warning about two newly discovered pieces of malware that the North Korean hacking group Hidden Cobra is using to remotely penetrate systems and steal sensitive data and credentials.
The U.S. government has code-named the two pieces of malware used by the notorious group Joanap, a Remote Access Trojan (RAT), and Brambul, a Server Message Block (SMB) worm.
Often known as Lazarus Group and Guardians of Peace, Hidden Cobra is believed to be backed by the North Korean government. According to the U.S. government, the Hidden Cobra hackers, known for launching attacks mostly against media organizations and the aerospace, financial and critical infrastructure sectors across the world, have been using the two new pieces of malware since at least 2009.
This infamous hacking group was even associated with the nasty WannaCry ransomware attack that last year shut down hospitals and businesses and created havoc all across the globe. That’s not all! Hidden Cobra is also associated with the 2014 Sony Pictures hack, as well as the 2016 SWIFT banking attack.
According to US-CERT, Joanap is a two-stage malware that establishes peer-to-peer communications, allowing the hackers to remotely execute commands on a compromised Windows device.
Joanap reaches a system as a file dropped by other malware, which is either downloaded from compromised sites or delivered when someone opens a malicious email attachment. According to an analysis of the Joanap infrastructure, the malware was found on 87 compromised network nodes in 17 countries, including Brazil, China, Spain, Taiwan, Sweden, India, and Iran.
Brambul is a brute-force authentication worm that abuses the Server Message Block (SMB) protocol to spread itself to other systems.
Brambul, a malicious 32-bit Windows SMB worm that spreads through SMB shares, is a dynamic link library file often dropped and installed onto victims' networks by dropper malware. Once Brambul gains access to a system, it sends information about the victim's system to the Hidden Cobra hackers by email. The information includes the IP address and hostname as well as the credentials of each victim's system.
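For defenders, the brute-force SMB behaviour described above shows up as one source failing network logons against several hosts in a short time. The Python sketch below is an added example, not code from the alert or from this article; it assumes failed network logons (Windows Security event ID 4625, logon type 3) have already been exported as tuples, and the sample records, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_events():
    """Constructed sample data: (timestamp, source IP, target host, account)."""
    t0 = datetime(2018, 6, 1, 9, 0, 0)
    events = []
    # One workstation cycling passwords against four hosts, 2 seconds apart.
    for i in range(40):
        events.append((t0 + timedelta(seconds=2 * i), "10.0.5.23",
                       f"HOST-{i % 4}", "Administrator"))
    # A user mistyping a password three times on a single file server.
    for i in range(3):
        events.append((t0 + timedelta(minutes=10 * i), "10.0.7.11",
                       "FILESRV", "jsmith"))
    return events


def find_smb_bruteforce(events, window=timedelta(minutes=5),
                        min_failures=20, min_targets=3):
    """Flag sources with many failed logons across several hosts in one window.

    The thresholds are assumptions and need tuning to the local baseline.
    """
    by_source = defaultdict(list)
    for ts, src, target, account in events:
        by_source[src].append((ts, target, account))

    findings = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            targets = {t for _, t, _ in in_window}
            if len(in_window) >= min_failures and len(targets) >= min_targets:
                findings[src] = {"failures": len(in_window),
                                 "targets": sorted(targets),
                                 "first_seen": rows[start][0]}
                break  # one finding per source is enough to open a case
    return findings


if __name__ == "__main__":
    for src, info in find_smb_bruteforce(constructed_events()).items():
        print(src, info["failures"], "failures against", info["targets"])
```

Because Brambul reports stolen details by email, a flagged host that also opens outbound mail connections it does not normally make deserves priority review.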