
CISA identifies malware from North Korean hacking group

The Cybersecurity and Infrastructure Security Agency, in conjunction with the FBI and DoD, has identified three variants of malware used by the North Korean government.

The Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the FBI and Department of Defense, identified three new variants of malware used by a state-sponsored North Korean hacking group.

The three malware variants are known as Copperhedge, Pebbledash and Taintedscribe; Copperhedge is a remote access tool, and the latter two are Trojans. CISA attributed all three to Hidden Cobra (AKA Lazarus Group), the group credited with much of North Korea's malicious state-sponsored cyber activity.

The CISA alert did not specify how the malware variants were being used by nation-state hackers, or what entities were being targeted, but the agency did say the malware was being used in current threat activity.

"[The] FBI has high confidence that Hidden Cobra actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation," the CISA malware analysis report said.

U.S. Cyber Command put the malware samples of all three variants on VirusTotal, a website and tool for file and URL analysis, so that other organizations and enterprises can analyze and block them. The CISA alert urged users and administrators to review the samples in VirusTotal, as well as CISA's malware analysis reports, to better defend themselves against the threats.

North Korea has a history of malicious cyber activity, which includes notable exploits such as the 2014 Sony Pictures hack and the 2013 Dark Seoul attacks. Much of its reported malware has consisted of Trojans, but other types of malware are represented as well, such as proxy malware, worms, the WannaCry ransomware and more.

A CISA representative declined to comment further on the alert.


1 comment


Nicely detailed report ... thanks for it.

One of the companies I represent has had its technology fully vetted and is in use with the FBI, ATF, DoE, DHS, USAF as well as select corporate accounts including Nasdaq and Exxon-Mobil.

Can tell you from an insider's perspective -- we're entering a challenging new era of ransomware and related threats -- given the shift to home-based business, less patchwork, spotty oversight, monitoring, and governance.

Let's all hope for the best!