Latest in Gear

Image credit:

FBI links North Korea hackers to two more malware attacks

State-backed actors may be behind the Joanap and Brambul threats.
Kris Holt, @krisholt
May 30, 2018
Share
Tweet
Share

Sponsored Links

NurPhoto via Getty Images

The FBI and the Department of Homeland Security have linked more malware with North Korean hackers. The agencies say state-backed hackers called Hidden Cobra have likely used remote access tool Joanap and server message block worm Brambul to infiltrate the global media, aerospace, financial and critical infrastructure sectors. The attacks are part of a North Korea cyberattack campaign that has persisted since at least 2009, the agencies wrote in a Technical Alert.

DHS and the FBI identified IP addresses and other indicators associated with the malware to help organizations protect themselves against the threats. Joanap lets hackers run commands remotely -- they can scrape data, install more malware and manage files and directories. Brambul, meanwhile, can send hackers system information like the IP address, host name, username and password via email, among other things.

Although the malware is largely targeting organizations, there are a few measures you can take to stay more secure at home, the agencies say. Those include running operating systems and software on their latest patches, updating antivirus software, enabling firewalls and more strictly managing how users can install and run unwanted software. Those concerned about the malware might wish to monitor IP addresses linked to the malware for suspicious activity too.

The hackers, who have also been called the Guardians of Peace and the Lazarus Group, have been accused of orchestrating several attacks, such as the 2014 Sony Pictures hack. The group may also have been behind the WannaCry ransomware, which impacted governments, national health services, companies and universities last year.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Microsoft Teams will add breakout rooms and automated meeting recaps

Microsoft Teams will add breakout rooms and automated meeting recaps

View
Tesla's 1,100HP 'Plaid' Model S sport sedan will arrive in late 2021

Tesla's 1,100HP 'Plaid' Model S sport sedan will arrive in late 2021

View
179 arrested in 'Operation DisrupTor' dark web drug takedown

179 arrested in 'Operation DisrupTor' dark web drug takedown

View
Amazon says it has nothing to do with the Echelon 'Prime Bike'

Amazon says it has nothing to do with the Echelon 'Prime Bike'

View
Tesla lays out 'Battery Day' plans that lead to a $25,000 electric car

Tesla lays out 'Battery Day' plans that lead to a $25,000 electric car

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr