Officials warn of North Korean malware threat

U.S. officials are alerting the public to two families of malware linked to the North Korean government that, if successfully deployed, allow hackers to remotely access devices and steal sensitive information. 

The Department of Homeland Security (DHS) and FBI released a technical alert on the two forms of malware — one a remote access tool, and the other a Server Message Block (SMB) worm — on Tuesday.

Officials said with “high confidence” that hackers associated with Pyongyang have used both forms of malware since at least 2009 to target media, aerospace, financial and critical infrastructure organizations across the globe, including those in the United States.

Both forms of malware, which officials and cybersecurity experts have dubbed Joanap and Brambul, respectively, can allow hackers to remotely access devices and steal sensitive data or conduct other nefarious cyber activity.

U.S. officials have periodically released information on hacking efforts linked to Hidden Cobra, the government’s name for North Korea’s state-sponsored hackers. Back in December, the Trump administration publicly blamed North Korea for the massive “WannaCry” malware attack that broke out across the globe one year ago.

Cybersecurity experts say that Pyongyang’s hackers have grown increasingly capable and brazen in recent years, particularly targeting financial organizations in an effort to secure hard cash for the country, which has been increasingly squeezed by international sanctions. 

“FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s [indicators of compromise] files—to maintain a presence on victims’ networks and enable network exploitation,” the alert published Tuesday states. “DHS and FBI are distributing these IP addresses and other [indicators of compromise] to enable network defense and reduce exposure to any North Korean government malicious cyber activity.”

Officials are encouraging private sector firms to immediately report any activity associated with these forms of malware to DHS or the FBI and “give it the highest priority for enhanced mitigation.” 

The latest information about North Korean hacking efforts comes as the administration presses forward with discussions about a prospective summit between President Trump and North Korean leader Kim Jong Un. Trump abruptly canceled the summit last week, but has since signaled that it could still take place. The meeting was initially scheduled for June 12.