US outlines the North Korea cybersecurity threat - Telecoms.com








In a joint statement, US Government agencies have outlined the cybersecurity threats which have been attributed to North Korea.


With the days of James Bond espionage increasingly becoming a thing of the past, cyber criminals are becoming more common and organised. On one side of the coin are private criminals (think of a digital Mafia), but state-sponsored campaigns and attacks are just as common, if not more so.


Russia and China might hit the headlines frequently, but North Korea is a long-time enemy of the US, and it appears the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) haven’t forgotten about it.


All state-sponsored cybersecurity activity tied to North Korea is code-named Hidden Cobra, and thus far, seven malware variants have been publicly announced.


  • Hoplight – proxy applications that mask traffic between the malware and the remote operators

  • Bistromath – performs simple XOR network encoding and is capable of many features including conducting system surveys, file upload/download, process and command execution, and monitoring the microphone, clipboard, and the screen

  • Slickshoes – a Themida-packed dropper that decodes and drops a file “C:\Windows\Web\taskenc.exe” which is a Themida-packed beaconing implant

  • Hotcroissant – performs custom XOR network encoding and is capable of many features including conducting system surveys, file upload/download, process and command execution, and performing screen captures

  • Artfulpie – performs downloading and in-memory loading and execution of a DLL from a hardcoded URL

  • Buffetline – sample uses PolarSSL for session authentica ..
