The FBI (Federal Bureau of Investigation), US Cyber Command, and DHS (Department of Homeland Security) recently discovered a hacking operation that is supposed to originate from North Korea.
To inform the public, the agencies issued a security statement which contains the information of the 6 malware that the North Korean Hackers are currently using.
US Cyber Command’s subordinate unit, Cyber National Mission Force (CNMF), on its official twitter account published that the North Korean hackers are spreading the malware via phishing campaigns.
The tweet says, “Malware attributed to #NorthKorea by @FBI_NCIJTF just released here: https://www.virustotal.com/gui/user/CYBERCOM_Malware_Alert …. This malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions. #HappyValentines @CISAgov @DHS @US_CYBERCOM.”
According to the US Cyber Command, the malware allows the North Korean hackers to sneak their way into infected systems and steal money. The funds stolen are then transferred back to North Korea, all of it done to avoid the economic sanctions imposed upon it.
It is not the first time that the news of the North Korean government using hackers to steal money and cryptocurrency to fund its nuclear plans and missile programs, and avoid the economic sanctions have appeared.
According to the reports of the US agencies, the 6 malware are Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie, and Buffet line. The official website and twitter account of DHS, US Cyber Command, have complete details about the malware.
The US Alleges Lazarous Group for the Attack
Cybersecurity and Infrastructure Security Agency (CISA) claims that the attack was carried away by the North Korean hacker group Lazarus. The group also works under an alias, Hidden Cobra, and is one of the largest and most active hackers’ groups in North Korea.
According to the DOJ (Department of Justice), Lazarus was also involved in the 2014 Sony hack, 2016 Bangladesh Bank Attack, and planning the 2017 WannaCry ransomware outbreak.
A new ‘Name and Shame’ approach
Earlier, the US used to avoid issuing statements when it faced cybersecurity attacks. However, in the present times, it has adopted a new name and shame approach to deal with this issue. The US cybercommand, as observed, publishes about the malware publicly on its Twitter handle, along with the nation responsible. This didn’t happen earlier.