Security News > 2020 > May > US Government Exposes North Korean Malware
US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February.
The first of the new malware variants, COPPERHEDGE, is described as a Remote Access Tool "used by advanced persistent threat cyber actors in the targeting of cryptocurrency exchanges and related entities."
The trojan "downloads its command execution module from a command and control server and then has the capability to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration."
Last but not least, PEBBLEDASH is yet another North Korean trojan acting like a full-featured beaconing implant and used by North Korean-backed hacking groups "to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration."
It's interesting to see the US government take a more aggressive stance on foreign malware.
News URL
https://www.schneier.com/blog/archives/2020/05/us_government_e.html