dod pentagon

Pentagon, FBI Release Report on New Malware Attributed to North Korean Hackers

The new trend of public disclosures by government agencies about cybersecurity threats has led to the latest report about North Korea’s newly developed malware used to spy and steal data.

  • By Haley Samsel
  • Feb 19, 2020

Several government agencies, including the FBI, has made the unusual move of publicly identifying at least seven different malware types associated with North Korean hackers.

The Department of Defense and Department of Homeland Security issued a public disclosure late last week, elaborating on a malicious actor referred to as “Hidden Cobra.” The hacker or hacking collective, associated with the North Korean government, uses malware to steal data, delete files and capture screenshots while someone is using the computer, according to CyberScoop.

This is the first time that the Pentagon’s Cyber Command is identifying North Korean hacking efforts “by name,” CyberScoop reported. Private companies were provided with copies of the report in advance of its public release.

Government agencies have given the malware some creative names, including Buffetline, Hotcroissant, Crowdedflounder and Bistromath. Some of the malware identified by investigators may be associated with previous North Korean attacks on India.

While it’s not shocking to any close watcher of cybersecurity attacks that North Korea is developing more advanced tools to conduct cyber warfare, the new public disclosures by the federal government are a fairly recent development. As ArsTechnica points out, government officials used to refrain from pointing fingers at any specific country for carrying out cyber attacks.

The strategy began to shift after North Korea’s hack of Sony Pictures, which investigators were quick to publicize was likely the work of North Korean agents. The Treasury Department has also publicly sanctioned North Korean hacking groups in 2019, and justice officials have been more outspoken about the threats posed by countries with advanced cyber operations, including Russia, Iran, and, of course, North Korea.

The National Security Agency, known for its secrecy and weaponizing of cybersecurity flaws to spy, surprised many cybersecurity experts in January when the agency alerted Microsoft of a catastrophic flaw in its operating system. Rather than taking advantage of the issue to spy on other countries, the NSA reported it and allowed the company to fix it.

Whether these decisions to publicly disclose cybersecurity threats is permanent, or part of a new approach to cybersecurity policy, is yet to be seen. In explaining the most recent announcement, a Cyber Command spokesperson told CyberScoop that the FBI was behind the attribution of the seven malware samples to North Korea. That was the reasoning behind the most recent disclosure, the spokesperson said.

“Associating the FBI’s attribution of malware to a nation-state is situation-dependent, based on timing,” the spokesperson said.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

    Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.