
The Silicon Review Asia

The U.S. Government Issues Alert over Two New Pieces of Malware Related to Hidden Cobra

The FBI and DHS have recently released a technical alert warning about two newly discovered pieces of malware that the North Korean hacking group Hidden Cobra is using to remotely penetrate systems and to steal sensitive data and credentials.

The U.S. government has code-named the two pieces of malware used by the notorious hacking group Joanap, which is a Remote Access Trojan (RAT), and Brambul, which is a Server Message Block (SMB) worm.

Often known as Lazarus Group and Guardians of Peace, Hidden Cobra is believed to be backed by the North Korean government. The group is known for launching attacks mostly against media organizations and the aerospace, financial and critical infrastructure sectors across the world. According to the U.S. government, the Hidden Cobra hackers have been using the two new pieces of malware since at least 2009.

This infamous hacking group was even associated with the nasty WannaCry ransomware attack that last year shut down hospitals and businesses and created havoc all across the globe. That’s not all! Hidden Cobra is also associated with the 2014 Sony Pictures hack, as well as the 2016 SWIFT Banking attack.

Joanap

According to US-CERT, Joanap is a two-stage malware that establishes peer-to-peer communications, allowing the hackers to remotely execute commands to pwn Windows devices.

Joanap reaches a system as a file dropped by other malware, which arrives when users download it from compromised sites or open malicious email attachments. According to an analysis of the Joanap infrastructure, the malware was found on 87 pwned network nodes in 17 countries, including Brazil, China, Spain, Taiwan, Sweden, India, and Iran.

Brambul

Brambul is a brute-force authentication worm that uses the Server Message Block (SMB) protocol to spread itself to other systems.

Brambul is a malicious 32-bit Windows SMB worm that spreads through SMB shares. It is a dynamic link library file, often dropped and installed onto victims' networks by dropper malware. Once Brambul succeeds in gaining access to a system, it sends information about the victim's system to the Hidden Cobra hackers by email. The information includes the IP address and hostname as well as the credentials of each victim's system.
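The behaviour described above (brute-force SMB logons against other hosts, then reporting by email) leaves two signals a defender can correlate. The following detection sketch is an added example, not code from the alert or from this article; the record format, thresholds, address ranges and relay list are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT, MAIL_PORTS = 445, {25, 465, 587}
WINDOW = timedelta(minutes=5)                   # assumed look-back window
MIN_FAILS, MIN_TARGETS = 4, 3                   # assumed thresholds, tune per network
MAIL_RELAYS = {"10.0.0.2"}                      # assumed: hosts allowed to send mail out
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range

# Constructed records (not real telemetry): time, source, destination, port, outcome
SAMPLE = """\
2018-05-30T10:00:01 10.0.0.5 10.0.0.20 445 auth_fail
2018-05-30T10:00:02 10.0.0.5 10.0.0.21 445 auth_fail
2018-05-30T10:00:03 10.0.0.5 10.0.0.22 445 auth_fail
2018-05-30T10:00:04 10.0.0.5 10.0.0.20 445 auth_fail
2018-05-30T10:01:00 10.0.0.5 203.0.113.25 25 connect
2018-05-30T10:02:00 10.0.0.9 10.0.0.20 445 auth_fail
2018-05-30T10:03:00 10.0.0.2 198.51.100.7 25 connect
2018-05-30T11:00:00 10.0.0.7 10.0.0.20 445 auth_fail
2018-05-30T11:10:00 10.0.0.7 10.0.0.21 445 auth_fail
2018-05-30T11:20:00 10.0.0.7 10.0.0.22 445 auth_fail
2018-05-30T11:30:00 10.0.0.7 10.0.0.20 445 auth_fail
"""

def parse(text):
    for line in filter(str.strip, text.splitlines()):
        ts, src, dst, port, outcome = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port), outcome

def detect(text):
    """Map each SMB logon sprayer to its targets and external mail contacts."""
    recent = defaultdict(deque)   # source -> (time, target) failures inside WINDOW
    sprayers = defaultdict(set)   # source -> targets seen while over threshold
    mail = defaultdict(set)       # source -> external mail servers contacted
    for ts, src, dst, port, outcome in sorted(parse(text)):
        if port == SMB_PORT and outcome == "auth_fail":
            q = recent[src]
            q.append((ts, dst))
            while ts - q[0][0] > WINDOW:      # drop failures older than WINDOW
                q.popleft()
            targets = {d for _, d in q}
            if len(q) >= MIN_FAILS and len(targets) >= MIN_TARGETS:
                sprayers[src] |= targets
        elif (port in MAIL_PORTS and src not in MAIL_RELAYS
              and ipaddress.ip_address(dst) not in INTERNAL):
            mail[src].add(dst)
    return {s: {"targets": sorted(t), "external_mail": sorted(mail[s])}
            for s, t in sprayers.items()}
```

In the sample, only 10.0.0.5 is reported: a single mistyped password (10.0.0.9), the approved mail relay (10.0.0.2) and failures spread over half an hour (10.0.0.7) stay below the assumed thresholds.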
