dod pentagon

Pentagon, FBI Release Report on New Malware Attributed to North Korean Hackers

The new trend of public disclosures by government agencies about cybersecurity threats has led to the latest report about North Korea’s newly developed malware used to spy and steal data.

Several government agencies, including the FBI, has made the unusual move of publicly identifying at least seven different malware types associated with North Korean hackers.

The Department of Defense and Department of Homeland Security issued a public disclosure late last week, elaborating on a malicious actor referred to as “Hidden Cobra.” The hacker or hacking collective, associated with the North Korean government, uses malware to steal data, delete files and capture screenshots while someone is using the computer, according to CyberScoop.

This is the first time that the Pentagon’s Cyber Command is identifying North Korean hacking efforts “by name,” CyberScoop reported. Private companies were provided with copies of the report in advance of its public release.

Government agencies have given the malware some creative names, including Buffetline, Hotcroissant, Crowdedflounder and Bistromath. Some of the malware identified by investigators may be associated with previous North Korean attacks on India.

While it’s not shocking to any close watcher of cybersecurity attacks that North Korea is developing more advanced tools to conduct cyber warfare, the new public disclosures by the federal government are a fairly recent development. As ArsTechnica points out, government officials used to refrain from pointing fingers at any specific country for carrying out cyber attacks.

The strategy began to shift after North Korea’s hack of Sony Pictures, which investigators were quick to publicize was likely the work of North Korean agents. The Treasury Department has also publicly sanctioned North Korean hacking groups in 2019, and justice officials have been more outspoken about the threats posed by countries with advanced cyber operations, including Russia, Iran, and, of course, North Korea.

The National Security Agency, known for its secrecy and weaponizing of cybersecurity flaws to spy, surprised many cybersecurity experts in January when the agency alerted Microsoft of a catastrophic flaw in its operating system. Rather than taking advantage of the issue to spy on other countries, the NSA reported it and allowed the company to fix it.

Whether these decisions to publicly disclose cybersecurity threats is permanent, or part of a new approach to cybersecurity policy, is yet to be seen. In explaining the most recent announcement, a Cyber Command spokesperson told CyberScoop that the FBI was behind the attribution of the seven malware samples to North Korea. That was the reasoning behind the most recent disclosure, the spokesperson said.

“Associating the FBI’s attribution of malware to a nation-state is situation-dependent, based on timing,” the spokesperson said.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.