San Francisco, May 31 (IANS) The US has issued a fresh alert on malicious cyber activity by North Korea, warning people that two families of malware — referred to as Joanap and Brambul — may be using Internet Protocol (IP) addresses to maintain a presence on victims’ networks and enable network exploitation.
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released the joint Technical Alert (TA) on Wednesday, according to the US Computer Emergency Readiness Team (US-CERT), part of the DHS.
Working with US government partners, DHS and FBI identified the IP addresses and other indicators of compromise associated with the two families of malware used by the North Korean government.
Joanap is a remote access tool (RAT) used to establish peer-to-peer communications and to manage botnets designed to enable other operations.
Brambul is a malicious Windows 32-bit Server Message Block (SMB) worm that functions as a service dynamic link library file or a portable executable file, often dropped and installed onto victims’ networks by dropper malware.
The US-CERT said that the Department of Homeland Security and FBI are distributing the affected IP addresses and other indicators of compromise to enable network defence and reduce exposure to any North Korean government malicious cyber activity.
The US government refers to malicious cyber activity by the North Korean government as Hidden Cobra.
Hidden Cobra actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the US — including the media, aerospace, financial, and critical infrastructure sectors, the US-CERT said, citing reporting from its trusted third parties.