Threat Watch

North Korea’s Joanap Botnet Falls Into DOJ’s Crosshairs

North Korea: The U.S. Department of Justice and the Air Force Office of Special Investigations (AFOSI) have been participating in joint cyber-operations targeting North Korea’s Joanap botnet. The two organizations have been operating servers that mimicked infected machines in order to communicate with the botnet while mapping out its network of infected systems. The Joanap botnet relies on peer-to-peer (P2P) communication rather than one central command-and-control (C2) server. This means that information is relayed from one infected host to another, which allowed the DOJ and AFOSI to easily infiltrate the network with their own devices. The DOJ says that now that it has a comprehensive understanding of the network, it intends to begin notifying the victims so that they can work to remove the malware and kill the botnet.

ANALYST NOTES

This crippling blow to North Korea’s cyber-operations will likely not be long-lived, though. North Korea has shown considerable ability to adapt and carry out sophisticated cyber-operations, and it will likely begin working quickly to replace the loss of the Joanap botnet.