Breaking News

Lexar Launches the NM990 PCIe 5.0 SSD DJI Agras T100, T70P and T25P Launches Globally Sony Introduces the RX1R III Razer Introduces Next-Generation Connectivity and Performance with New Thunderbolt 5 Dock and Core X V2 Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Pentagon, DHS And FBI Issued New Malware Warning For Windows Users

Pentagon, DHS And FBI Issued New Malware Warning For Windows Users

Enterprise & IT Feb 15,2020 0

Multiple U.S. government agencies have warned of a newly cybesecurity threat from North Korea.

According to the U.S. government, the warning “is the result of analytic efforts between the U.S. Department of Homeland Security, the U.S. Department of Defense, and the FBI to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government.”

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

The U.S. government issued six new Malware Analysis Reports (MARs) and one updated MAR related to malicious cyber activity from North Korea. Each MAR is designed to enable network defenders to identify and reduce exposure to North Korean government malicious cyber activity. CISA encourages users and administrators to review these MARs for each malware variant listed below.

  • February 14, 2020: Malware Analysis Report (10265965-1.v1) – North Korean Trojan: BISTROMATH
  • February 14, 2020: Malware Analysis Report (10265965-2.v1) – North Korean Trojan: SLICKSHOES
  • February 14, 2020: Malware Analysis Report (10265965-3.v1) – North Korean Trojan: CROWDEDFLOUNDER
  • February 14, 2020: Malware Analysis Report (10271944-1.v1) – North Korean Trojan: HOTCROISSANT
  • February 14, 2020: Malware Analysis Report (10271944-2.v1) – North Korean Trojan: ARTFULPIE
  • February 14, 2020: Malware Analysis Report (10271944-3.v1) – North Korean Trojan: BUFFETLINE
  • February 14, 2020: Malware Analysis Report (10135536-8.v3) – North Korean Trojan: HOPLIGHT
    (updates October 31, 2019: Malware Analysis Report (10135536-8) – North Korean Trojan: HOPLIGHT, which updated April 10, 2019: Malware Analysis Report (10135536-8) – North Korean Trojan: HOPLIGHT)

Each MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to CISA or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie and Buffetline are variants of the VirusTotal. Hoplight is an update on a previous strain. If allowed to take root, the various strains of malware enable remote access to machines and networks, the download of further malicious software, as well as the exfiltration of credentials and files.

It is assumed that the same attackers thought responsible for the WannaCry ransomware attack in 2017 are likely behind these latest campaigns—referred to as Lazarus by the private sector and “Hidden Cobra” by the U.S. government.

CISA recommends the usual mitigation: patching as soon as practically possible; applying strong passwords to file sharing and broader IoT set-ups, including printers and other networked devices; use of updated antivirus software; email defense and user training on unknown senders and attachments; some levels of user monitoring to prevent dangerous activity; and restrictions on external drives and internet software downloads.

Tags: Cybersecuritymalwarecybercrime
Previous Post
Facebook and IBM Cancel San Francisco Appearances on Coronavirus Fears
Next Post
Google Could Pay Publishers for Displaying Their News

Related Posts

  • Intel and Microsoft Convert Malware to Images to Spot Threads Faster

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • GoDaddy Discloses Data Breach

  • Zoom Users' Data have Been on Sale on Dark Web: report

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

  • Google Says State-backed Hackers Use Coronavirus For Phishing Attacks

  • Apple to Patch Serious iOS Vulnerability

Latest News

Lexar Launches the NM990 PCIe 5.0 SSD
PC components

Lexar Launches the NM990 PCIe 5.0 SSD

DJI Agras T100, T70P and T25P Launches Globally
Drones

DJI Agras T100, T70P and T25P Launches Globally

Sony Introduces the RX1R III
Cameras

Sony Introduces the RX1R III

Razer Introduces Next-Generation Connectivity and Performance with New Thunderbolt 5 Dock and Core X V2
Gaming

Razer Introduces Next-Generation Connectivity and Performance with New Thunderbolt 5 Dock and Core X V2

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance
PC components

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Pure Base 501

be quiet! Pure Base 501

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed