U.S. cyber command officially releases seven North Korean government malware

The U.S. Department of Defense's Cybersecurity and Infrastructure Security Agency (CISA) , working with the Federal Bureau of Investigation (FBI), identified seven types of malware as `` malware used by the North Korean government '' on February 14, 2020 It was announced.

North Korean Malicious Cyber Activity | CISA
https://www.us-cert.gov/northkorea

US government goes all in to expose new malware used by North Korean hackers | Ars Technica
https://arstechnica.com/tech-policy/2020/02/us-government-exposes-malware-used-in-north-korean-sponsored-hacking-ops/

Pentagon, FBI, DHS to jointly expose a North Korean hacking effort-CyberScoop
https://www.cyberscoop.com/hidden-cobra-malware-north-korea-fbi-dhs-dod-virus-total/

The U.S. Cyber Force (USCYBERCOM) tweeted on Twitter, 'The FBI has disclosed malware belonging to the North Korean government. This malware allows North Korean cybercriminals to engage in illegal activities through phishing and remote access, It is used to steal money and avoid sanctions against North Korea. '

Malware attributed to #NorthKorea by @FBI_NCIJTF just released here: https://t.co/cBqSL7DJzI .This malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions. #HappyValentines @CISAgov @DHS @US_CYBERCOM

— USCYBERCOM Malware Alert (@CNMF_VirusAlert) February 14, 2020

Malware that the United States authorities announced this time, to conceal the network attack by North Korea government HOPLIGHT 7 kind of, including the Trojan horse in the malware, in addition to detailed behavior and hash value on the site of the CISA has been published, It has been uploaded to the malware research platform VirusTotal under Google and has been verified.

According to CISA, `` The U.S. government calls the North Korean government's malicious cyber activities 'HIDDEN COBRA', '' and the malware identified this time and the criminal acts using it were attributed to the North Korean government. Has been explicitly stated. 'HIDDEN COBRA', also known as Lazarus Group , is believed to have been involved in cyber crimes and intimidation when Sony Pictures released the movie ' The Interview ' in 2014.

It is reported that North Korea has hacked Sony Pictures-GIGAZINE

Also, ransomware ' WannaCry ', which has been rampant worldwide since around 2017, is said to have been created by members of 'HIDDEN COBRA'.

U.S.A. to prosecute North Korean hacker involved in ransomware `` WannaCry '' creation and hacking to Sony Pictures-gigazine

Costin Raiu, who leads the research team at security company Kaspersky, said on Twitter that the identified malware was similar to `` Lazarus Group malware discovered separately by a Moscow-based security company '' on Twitter. It is public, suggesting that cybercrime involving the North Korean government is even more widespread.

KTAE (Kaspersky Threat Attribution Engine) similarity analysis for the samples posted today by US Cybercom. # Lazarus #andariel #bluenoroff pic.twitter.com/ciUtSBKxtc

— Costin Raiu (@craiu) February 14, 2020

'This is the first time that the Pentagon's Cyber Command has released North Korean hacking activities by name,' said CyberScoop, an IT news site. Ars Technica, a news site, said, `` The U.S. government has been cautious about linking hacking activities with governments in certain countries for many years, but in 2014 the FBI said, `` The government is changing its policy following the announcement that the government is a North Korean government. '' Showed.