dod pentagon

Pentagon, FBI Release Report on New Malware Attributed to North Korean Hackers

The new trend of public disclosures by government agencies about cybersecurity threats has led to the latest report about North Korea’s newly developed malware used to spy and steal data.

  • By Haley Samsel
  • Feb 19, 2020

Several government agencies, including the FBI, has made the unusual move of publicly identifying at least seven different malware types associated with North Korean hackers.

The Department of Defense and Department of Homeland Security issued a public disclosure late last week, elaborating on a malicious actor referred to as “Hidden Cobra.” The hacker or hacking collective, associated with the North Korean government, uses malware to steal data, delete files and capture screenshots while someone is using the computer, according to CyberScoop.

This is the first time that the Pentagon’s Cyber Command is identifying North Korean hacking efforts “by name,” CyberScoop reported. Private companies were provided with copies of the report in advance of its public release.

Government agencies have given the malware some creative names, including Buffetline, Hotcroissant, Crowdedflounder and Bistromath. Some of the malware identified by investigators may be associated with previous North Korean attacks on India.

While it’s not shocking to any close watcher of cybersecurity attacks that North Korea is developing more advanced tools to conduct cyber warfare, the new public disclosures by the federal government are a fairly recent development. As ArsTechnica points out, government officials used to refrain from pointing fingers at any specific country for carrying out cyber attacks.

The strategy began to shift after North Korea’s hack of Sony Pictures, which investigators were quick to publicize was likely the work of North Korean agents. The Treasury Department has also publicly sanctioned North Korean hacking groups in 2019, and justice officials have been more outspoken about the threats posed by countries with advanced cyber operations, including Russia, Iran, and, of course, North Korea.

The National Security Agency, known for its secrecy and weaponizing of cybersecurity flaws to spy, surprised many cybersecurity experts in January when the agency alerted Microsoft of a catastrophic flaw in its operating system. Rather than taking advantage of the issue to spy on other countries, the NSA reported it and allowed the company to fix it.

Whether these decisions to publicly disclose cybersecurity threats is permanent, or part of a new approach to cybersecurity policy, is yet to be seen. In explaining the most recent announcement, a Cyber Command spokesperson told CyberScoop that the FBI was behind the attribution of the seven malware samples to North Korea. That was the reasoning behind the most recent disclosure, the spokesperson said.

“Associating the FBI’s attribution of malware to a nation-state is situation-dependent, based on timing,” the spokesperson said.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

  • Beyond Apps: Access Control for Today’s Residents

    The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now

  • Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

    Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now

Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.