Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers.
Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from target systems, according to a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD).
The three new malware strains are the latest addition to a long list of over 20 malware samples, including BISTROMATH, SLICKSHOES, HOPLIGHT, and ELECTRICFISH, among others, that the security agencies have attributed to a series of malicious cyber activity by the North Korean government, which the agencies track as Hidden Cobra and which is widely known by the moniker Lazarus Group.
Full-Featured Trojans
COPPERHEDGE, the first of the three new variants, is a full-featured Remote Access Tool (RAT) capable of running arbitrary commands, performing system reconnaissance, and exfiltrating data. It's being used by advanced threat actors to target cryptocurrency exchanges and related entities. Six different versions of COPPERHEDGE have been identified.
TAINTEDSCRIBE functions as a backdoor implant that masquerades as Microsoft's Narrator screen reader utility. It can download malicious payloads from a command-and-control (C2) server, upload and execute files, and create and terminate processes.
Lastly, PEBBLEDASH, like TAINTEDSCRIBE, is another trojan with capabilities to "download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; perform target system enumeration."
A Significant Cyber Espionage Threat
The WannaCry ransomware infection of 2017, also known as Wanna Decryptor, leveraged a Windows SMB exploit, dubbed EternalBlue, that allowed a remote attacker to hijack unpatched Windows computers and demand Bitcoin payments of up to $600. The attack has since been traced to Hidden Cobra.
With the Lazarus Group responsible for the theft of more than $571 million worth of cryptocurrency from online exchanges, the financially motivated attacks led the US Treasury to sanction the group and its two off-shoots, Bluenoroff and Andariel, last September.
Then earlier this March, the US Department of Justice (DoJ) charged two Chinese nationals working on behalf of the North Korean threat actors with allegedly laundering over $100 million worth of the stolen cryptocurrency using prepaid Apple iTunes gift cards.
Last month, the US government issued guidance on the 'significant cyber threat' posed by North Korean state-sponsored hackers to global banking and financial institutions, and offered a monetary reward of up to $5 million for information about past or ongoing illicit DPRK activities in the cyber realm.
"The DPRK's malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system," the advisory cautioned.
"Under the pressure of robust US and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs."
via https://www.aiupnow.com by noreply@blogger.com (Ravie Lakshmanan), Khareem Sudlow