North Korea: The United States Cyber Command has issued a new malware alert pertaining to North Korea. The alert states that they have uploaded new samples to VirusTotal that are used by North Korean actors. The command stated, “the malware samples are currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command by malicious cyber actors.” The names of the victims affected by these new samples were not released, but it is known that they were all used in attacks that targeted the finance industry, and more specifically targeted the SWIFT system that is used by banks internationally. Separately, the FBI issued a different alert about North Korean-linked malware that had the same IOCs (Indicators of Compromise) as previous North Korean malware, which was linked by researchers at Alyac. It was unclear if the FBI release and Cyber Command release were linked. Seven samples were uploaded by the command to includes multiple backdoor builders, two backdoors, and two loaders. The backdoors had different capabilities including, but not limited to, listening to audio and the ability to download alternate malware, according to researchers at Cylance.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.