A North Korea-affiliated hacker. / Photo by: Paopano via Shutterstock
The United States Computer Emergency Response Team (US-CERT) has discovered a new North Korean malware, which it named Typeframe and which supposedly originates from the Hidden Cobra group. Its latest Malware Analysis report featured 11 new malware types that can download and install malware, install proxy and remote access Trojans (RATs), infiltrate command and control servers, and alter firewalls to enable incoming connections, according to Phil Muncaster, reporting for Infosecurity Magazine.
Most of the malware consists of RC4-encrypted RATs that can be downloaded onto PCs and erase files, and proxy modules that can access the Windows Firewall system and permit incoming connections.
US-CERT is advising organizations to install all available security patches and keep their anti-virus software updated. They should also disable file and printer sharing services, enforce stricter user permissions, and maintain strong passwords and robust firewalls on all workstations. All incoming email should be scanned for dubious attachments, and online browsing should be monitored. US-CERT is also asking users whose computers may have been infected by the malware to report such incidents to the Department of Homeland Security’s National Cybersecurity and Communications Integration Center or the Federal Bureau of Investigation’s Cyber Watch unit.
It is surprising to note that the Typeframe malware was uncovered after US President Donald Trump held a summit meeting with North Korean leader Kim Jong-un. But North Korean hackers, particularly those associated with the Hidden Cobra or Lazarus group, have been pinpointed as the perpetrators of several notorious hacking incidents around the world. The group was behind the infamous WannaCry ransomware that wreaked havoc in 2017 and the cyber theft from Bangladesh Bank that cost the bank US$81 million. It was also responsible for the hack of Sony Pictures in 2014.