North Korea: The U.S. Department of Justice and the Air Force Office of Special Investigations (AFOSI) have been participating in joint cyber-operations targeting North Korea’s Joanap botnet. The two organizations have been operating servers that mimicked infected machines in order to communicate with the botnet while mapping out its network of infected systems. The Joanap botnet relies on peer-to-peer (P2P) communication rather than one central command-and-control (C2) server. This means that information is relayed from one infected host to another, which allowed the DOJ and AFOSI to easily infiltrate the network with their own devices. The DOJ says that, now that it has a comprehensive understanding of the network, it intends to begin notifying the victims so that they can work to remove the malware and kill the botnet.