Wednesday, May 13, 2020

U.S Defence Warns of 3 New Malware Used by North Korean Hackers #Security

Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers.

Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from target systems, according to a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD).

The three new malware strains are the latest addition to a long list of over 20 malware samples that the security agencies have attributed to a series of malicious cyber activity by the North Korean government, which the U.S. government calls Hidden Cobra and which is more widely known by the moniker Lazarus Group.

Full-Featured Trojans


, the first of the three new variants, is a full-featured Remote Access Tool (RAT) capable of running arbitrary commands, performing system reconnaissance, and exfiltrating data. It's being used by advanced threat actors to target cryptocurrency exchanges and related entities. Six different versions of COPPERHEDGE have been identified.


functions as a backdoor implant that masquerades itself as Microsoft's Narrator screen reader utility to download malicious payloads from a command-and-control (C2) server, upload, and execute files, and even create and terminate processes.



, like TAINTEDSCRIBE, is another trojan with capabilities to "download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; perform target system enumeration."
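The advisory's point that TAINTEDSCRIBE poses as Microsoft's Narrator screen reader suggests a simple defender-side check: a process that calls itself Narrator but does not run from the Windows system directory deserves a closer look. The following Python is an added illustration, not code from the advisory or from the article. It assumes only that the legitimate Narrator binary lives at C:\Windows\System32\Narrator.exe (its standard location); the record format, function names and sample process inventory are constructed for the example.

```python
"""Masquerade check over a process inventory (added example, not from the page).

The legitimate Narrator binary ships at C:\\Windows\\System32\\Narrator.exe.
Any process whose image name is Narrator.exe but whose full path differs
from that location is flagged. Paths are normalised first so that '..'
segments, forward slashes and case differences do not hide a copy dropped
in a user-writable directory.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Canonical location of the legitimate screen reader on Windows.
LEGIT_NARRATOR = r"C:\Windows\System32\Narrator.exe"
NARRATOR_NAME = "narrator.exe"


@dataclass(frozen=True)
class ProcessRecord:
    """One row of a process inventory (constructed format for this example)."""
    pid: int
    image_path: str


def _norm(path: str) -> str:
    """Normalise a Windows path: collapse '..', unify separators, lowercase."""
    return ntpath.normpath(path).lower()


def is_narrator_masquerade(rec: ProcessRecord) -> bool:
    """True if the process is named Narrator.exe but is not the system binary."""
    normalised = _norm(rec.image_path)
    if ntpath.basename(normalised) != NARRATOR_NAME:
        return False
    return normalised != _norm(LEGIT_NARRATOR)


def find_masquerades(records: list[ProcessRecord]) -> list[int]:
    """Return the PIDs of every suspicious Narrator look-alike, in input order."""
    return [r.pid for r in records if is_narrator_masquerade(r)]


# Constructed sample inventory: one genuine Narrator, two look-alikes, noise.
SAMPLE_RECORDS = [
    ProcessRecord(1200, r"C:\Windows\System32\Narrator.exe"),
    ProcessRecord(4412, r"C:\Users\Public\Downloads\Narrator.exe"),
    ProcessRecord(5120, r"C:\Windows\Temp\..\Temp\narrator.EXE"),
    ProcessRecord(7000, r"C:\Windows\System32\svchost.exe"),
]

if __name__ == "__main__":
    for pid in find_masquerades(SAMPLE_RECORDS):
        print(f"suspicious Narrator look-alike: pid {pid}")
```

The path check is deliberately narrow: it does not catch an implant that overwrites the real binary in place, so in practice it belongs alongside signature verification of the image and a baseline of what normally launches Narrator.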

A Significant Cyber Espionage Threat


WannaCry ransomware

infection of 2017, also known as Wanna Decryptor, leveraged a Windows

SMB exploit

, dubbed EternalBlue, that allowed a remote hacker to hijack unpatched Windows computers in return for Bitcoin payments of up to $600. The attack has since been

traced to Hidden Cobra


With the Lazarus Group responsible for the theft of more than $571 million worth of cryptocurrency from online exchanges, the financially motivated attacks led the US Treasury to sanction the group and its two off-shoots, Bluenoroff and Andariel, last September.

Then earlier this March, the US Department of Justice (DoJ) charged two Chinese nationals working on behalf of the North Korean threat actors with allegedly laundering over $100 million worth of the stolen cryptocurrency using prepaid Apple iTunes gift cards.

Last month, the US government had issued guidance on the 'significant cyber threat' posed by North Korean state-sponsored hackers to global banking and financial institutions, in addition to offering a monetary reward of up to $5 million for information about past or ongoing illicit DPRK activities in the cyber realm.

"The DPRK's malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system," the advisory cautioned.

"Under the pressure of robust US and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs."

via https://www.aiupnow.com by noreply@blogger.com (Ravie Lakshmanan), Khareem Sudlow