Security News > 2020 > May > U.S. Cyber Command Shares More North Korean Malware Variants
The United States Cyber Command has uploaded five malware samples to VirusTotal today, which it has attributed to the North Korean threat group Lazarus.
Since November 2018, USCYBERCOM has shared numerous malware samples as part of a project started by its Cyber National Mission Force, including malicious files attributed to nation states from North Korea, Russia, and Iran.
In September last year, it shared 11 samples attributed to Lazarus, which the U.S. refers to as "Hidden Cobra," with the popular scanning engine. Six other samples were added in February this year.
These files are samples of three malware families that the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Department of Defense are calling COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH. Two of the samples have high detection rates on VirusTotal, with more than 35 of the 71 antivirus engines recognizing them as malicious.
The samples appear to share some code similarities that result in some detection engines identifying them as variants of the NukeSped RAT, something that was observed with previously shared malware samples as well.