The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released new information on North Korean malware in the form of six new and updated Malware Analysis Reports (MARs).
The U.S. authorities released these MARs to give organizations detailed malware analysis information collected through manual reverse engineering of the samples. The reports are also meant to help network defenders identify and reduce malicious activity by the North Korean government, which the U.S. government tracks as HIDDEN COBRA.
CISA advises all users and administrators to carefully review the information in the seven MARs, and states in a blog post:
“Each MAR contains malware descriptions, suggested responses, and suggested remedial actions. Users or administrators should flag activities related to the malware and report the activities to CISA or the FBI Cyber Watch (CyWatch) and give the activity the highest priority for improved mitigation.”
North Korean Malware
In addition to the release of the new reports, US Cyber Command also uploaded the malware samples to VirusTotal and said in a tweet: "This malware is currently used by #DPRK cyber actors for phishing and remote access to conduct illegal activity, steal funds and evade sanctions."
The reports published by CISA include a detailed analysis of six new malware samples that the US authorities track under the names Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie and Buffetline.
Some are remote access trojans (RATs) and malware droppers; others are described as full-featured beaconing implants used for downloading, uploading, deleting, and executing files.
CISA and other US agencies attribute the malware to a hacking group called HIDDEN COBRA that is supported by the North Korean government. The group is also known as the Lazarus Group and is regarded as North Korea's largest and most active hacking division.