Posted by Ruggero Respigo (Global Moderator, Milano)
Pentagon, FBI, DHS jointly expose a North Korean hacking effort
« Reply #1 on: February 14, 2020, 04:08:45 pm »

The Pentagon, FBI, and Department of Homeland Security have publicly identified a North Korean hacking campaign as part of a broad information sharing program intended to warn industry against adversarial hacking, CyberScoop has learned.


The public disclosure includes details about at least seven different malware samples linked with North Korean hacking efforts. The samples point to cyber-espionage activities carried out by an actor the U.S. refers to as Hidden Cobra, which officials have previously associated with the North Korean government. The files detailed include tools meant to steal data, create and delete files, and capture screenshots, according to a person who has viewed the U.S. malware analysis report (MAR).


The Department of Defense, which added details about the malware to the VirusTotal malware repository, said that the “malware is currently used for phishing & remote access by DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions.”


The decision marks the first time the Pentagon’s Cyber Command will identify North Korean hacking efforts by name.


The report, which was shared with the private sector in advance, is designated TLP Red, meaning it cannot be shared “with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed.”


It was not immediately clear if this activity was ongoing, or if the U.S. was sharing details about cyber-operations that have concluded.


Cyber Command has previously shared technical details that have been linked with North Korean financial heists involving the Society for Worldwide Interbank Financial Telecommunication (SWIFT), the interbank messaging system, as CyberScoop reported. Other U.S. warnings have concerned malware linked with the Lazarus Group, another alleged North Korean hacking group, while other cases have exposed malware linked with Russian-linked hacking and Iranian-linked activity.


Espionage capabilities


The malware files have been dubbed Hoplight, Buffetline, Artfulpie, Hotcroissant, Crowdedflounder, Slickshoes, and Bistromath, according to the person who has seen the malware analysis report. Some samples have compilation stamps dating back to as early as 2016.


Hoplight, a trojan linked with gathering information on victims’ operating systems, has previously been exposed by the FBI and DHS. Cyber Command also exposed activity linked with Hoplight in September.


At least one of the files may be linked with previous North Korean hacking campaigns in India, such as those linked with DTrack malware and a reported attack against an Indian nuclear power plant, as well as ATM heists, a person who has seen the MAR told CyberScoop.


Many of those malware files exhibit typical remote access trojan (RAT) features. Slickshoes, for example, which appears to be a dropper and a RAT, has many of the common features of a RAT, such as a reverse shell, screen capture, file theft, and file creation, according to the person who has seen the analysis.


Some of the files appear to have been created recently. A beaconing implant that can run file transfers and screen grabs, dubbed Hotcroissant, has a compilation timestamp from July of last year, according to the person familiar. Artfulpie, which appears to be a downloader for another payload, was compiled in June.


One of the samples shows North Korea trying to conceal its activities. Buffetline appears to encrypt its traffic in a way that fakes TLS encryption, which could make nefarious activity blend into normal traffic. Buffetline is also capable of manipulating file timestamps so the hackers can, to some extent, obfuscate their activities from possible incident responders, according to the person familiar with the MAR.
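The "fake TLS" technique mentioned above relies on defenders treating any port-443 byte stream as opaque. A cheap first-pass triage is to check whether the first client-to-server record is actually a well-formed TLS handshake. The script below is an added example written for this post; it is not from the CyberScoop article or the MAR, and nothing on the page describes Buffetline's actual wire format. The ClientHello and the two "fake" streams are constructed sample inputs, and the check names (`check_tls_client_start`, `build_client_hello`) are the author's own.

```python
"""Triage the first bytes of a client->server stream that claims to be TLS.

Genuine TLS sessions open with a handshake record (type 0x16) carrying a
ClientHello (type 0x01) whose length fields agree. Implants that merely
imitate TLS often get one of those details wrong: application-data records
with no handshake, inconsistent length fields, or impossible versions.
"""
import struct

HANDSHAKE = 0x16          # TLS record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: ClientHello
MAX_RECORD = 16384        # maximum TLS plaintext record length (2^14)


def build_client_hello(random_bytes: bytes = bytes(32)) -> bytes:
    """Constructed minimal TLS 1.2-framed ClientHello (one suite, no extensions)."""
    body = (b"\x03\x03" + random_bytes      # client_version 3.3, 32-byte random
            + b"\x00"                        # session_id length 0
            + b"\x00\x02\x13\x01"            # cipher_suites: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                    # compression methods: null
            + b"\x00\x00")                   # extensions length 0
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 0x03, 0x01]) + len(handshake).to_bytes(2, "big") + handshake


def check_tls_client_start(data: bytes) -> list:
    """Return a list of findings; an empty list means the stream opens like real TLS."""
    findings = []
    if len(data) < 5:
        return ["short: fewer than 5 bytes, no TLS record header present"]
    ctype, vmaj, vmin, rlen = struct.unpack("!BBBH", data[:5])

    if ctype != HANDSHAKE:
        findings.append(f"first record type 0x{ctype:02x} is not handshake")
    if vmaj != 3 or vmin > 4:
        findings.append(f"implausible record version {vmaj}.{vmin}")
    if rlen > MAX_RECORD:
        findings.append(f"record length {rlen} exceeds TLS maximum")

    payload = data[5:5 + rlen]
    if len(payload) < rlen:
        findings.append("record length field exceeds bytes on the wire")

    # Only inspect the handshake header if the record claims to be one and
    # enough bytes are present to read the 4-byte handshake header.
    if ctype == HANDSHAKE and len(payload) >= 4:
        htype = payload[0]
        hlen = int.from_bytes(payload[1:4], "big")
        if htype != CLIENT_HELLO:
            findings.append(f"first handshake message 0x{htype:02x} is not ClientHello")
        if hlen != rlen - 4:
            findings.append("handshake length does not match record length")
    return findings


# Constructed samples: one genuine-looking opener and two imitations.
GENUINE = build_client_hello()
FAKE_APPDATA_FIRST = b"\x17\x03\x03\x00\x28" + b"\x41" * 40   # app data, no handshake
FAKE_BAD_LENGTH = b"\x16\x03\x01\x00\x20" + b"\x01\x00\x00\x10" + bytes(28)
PLAINTEXT = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, sample in [("genuine", GENUINE), ("appdata-first", FAKE_APPDATA_FIRST),
                         ("bad-length", FAKE_BAD_LENGTH), ("plaintext", PLAINTEXT)]:
        print(name, check_tls_client_start(sample) or "looks like a TLS handshake")
```

This is a triage heuristic, not proof: a capture that starts mid-session, or a resumed session, will not begin with a ClientHello either, so a finding should route the flow to a closer look (SNI, certificate chain, JA3-style fingerprinting) rather than be treated as a verdict on its own.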


Evolution of information-sharing


As part of DHS’ Cybersecurity and Information Security Agency’s effort to share information with the private sector about threats the U.S. government is detecting, the private sector got a heads-up about the North Korean malware in advance, according to multiple sources familiar with the warning.


DHS has provided this kind of early alert to the private sector in concert with some of Cyber Command’s previous VirusTotal sharing efforts, as CyberScoop first reported.


But this public reprimand of North Korean hacking shows Cyber Command expanding the bounds of how much it can share about threats it is seeing with the private sector — Cyber Command’s standard practice in information sharing in the past has been to not comment on attribution at all.


In previous months, when reached for comment on attribution, the command would only say that “the Cyber National Mission Force is releasing malware.”


The command has also typically not gone so far as to characterize even the capabilities of the malware it shares. That practice changed in the last few months of 2019. Cyber Command started testing its appetite for sharing more in its last VirusTotal release, when it tacked on information about the malware’s capabilities alongside the files.


“These malware samples are currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command by malicious cyber actors,” Cyber Command said in November.


It wasn’t clear why Cyber Command made the decision to explicitly expose the North Korean regime in its latest warning, but the transparency level-up coincides with a separate National Security Agency initiative to accelerate and improve how it tips the private sector off to more adversarial threat information through a new Cybersecurity Directorate. Cyber Command and the NSA, a DOD signals intelligence agency, are co-located and share the same leader, Gen. Paul Nakasone.


The post Pentagon, FBI, DHS jointly expose a North Korean hacking effort appeared first on CyberScoop.


Source: Pentagon, FBI, DHS jointly expose a North Korean hacking effort

