dod pentagon

Pentagon, FBI Release Report on New Malware Attributed to North Korean Hackers

The new trend of public disclosures by government agencies about cybersecurity threats has led to the latest report about North Korea’s newly developed malware used to spy and steal data.

Several government agencies, including the FBI, has made the unusual move of publicly identifying at least seven different malware types associated with North Korean hackers.

The Department of Defense and Department of Homeland Security issued a public disclosure late last week, elaborating on a malicious actor referred to as “Hidden Cobra.” The hacker or hacking collective, associated with the North Korean government, uses malware to steal data, delete files and capture screenshots while someone is using the computer, according to CyberScoop.

This is the first time that the Pentagon’s Cyber Command is identifying North Korean hacking efforts “by name,” CyberScoop reported. Private companies were provided with copies of the report in advance of its public release.

Government agencies have given the malware some creative names, including Buffetline, Hotcroissant, Crowdedflounder and Bistromath. Some of the malware identified by investigators may be associated with previous North Korean attacks on India.

While it’s not shocking to any close watcher of cybersecurity attacks that North Korea is developing more advanced tools to conduct cyber warfare, the new public disclosures by the federal government are a fairly recent development. As ArsTechnica points out, government officials used to refrain from pointing fingers at any specific country for carrying out cyber attacks.

The strategy began to shift after North Korea’s hack of Sony Pictures, which investigators were quick to publicize was likely the work of North Korean agents. The Treasury Department has also publicly sanctioned North Korean hacking groups in 2019, and justice officials have been more outspoken about the threats posed by countries with advanced cyber operations, including Russia, Iran, and, of course, North Korea.

The National Security Agency, known for its secrecy and weaponizing of cybersecurity flaws to spy, surprised many cybersecurity experts in January when the agency alerted Microsoft of a catastrophic flaw in its operating system. Rather than taking advantage of the issue to spy on other countries, the NSA reported it and allowed the company to fix it.

Whether these decisions to publicly disclose cybersecurity threats is permanent, or part of a new approach to cybersecurity policy, is yet to be seen. In explaining the most recent announcement, a Cyber Command spokesperson told CyberScoop that the FBI was behind the attribution of the seven malware samples to North Korea. That was the reasoning behind the most recent disclosure, the spokesperson said.

“Associating the FBI’s attribution of malware to a nation-state is situation-dependent, based on timing,” the spokesperson said.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services
  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.