US Government Exposes North Korean Malware

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February.
The first of the new malware variants, COPPERHEDGE, is described as a Remote Access Tool "used by advanced persistent threat cyber actors in the targeting of cryptocurrency exchanges and related entities."
The trojan "downloads its command execution module from a command and control server and then has the capability to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration."
Last but not least, PEBBLEDASH is yet another North Korean trojan acting like a full-featured beaconing implant and used by North Korean-backed hacking groups "to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration."
It's interesting to see the US government take a more aggressive stance on foreign malware.
News URL
https://www.schneier.com/blog/archives/2020/05/us_government_e.html