North Korean Hackers Used 3 New Malware : US

According to News, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which a country (North Korea) Blamed by U.S government which released the information about three new malware strains used by state-sponsored North Korean Hackers.

The three malware CCOPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH. According to a joint advisory released by the Cybersecurity and Infrastructure Security Agency(CISA), the Federal Bureau of Investigation (FBI) and the department of defense(DoD), the malware is capable of remote reconnaissance and exfiltration of the most important information or you call it sensitive data from the targeted host systems.

That is not the end if you leave this three malware more than 20 malware are also in the list including SLICK SHOES,  BISTROMATH, HOPLIGHT, and ELECTRICFISH and among others. The Agencies have been identified and originating as part of a series of malicious cyber activity which was done by the North Korean Government which they called Hidden Cobra or moniker Lazarus Group.

Let’s Discuss on:

TAINTEDSCRIBE: It performs as a backdoor implant and pretends to be not available but itself as Microsoft narrator and uses screen reader utility to download malicious payloads from command and control server that upload and execute the files and even create and terminate the process going on.

COPPERHEDGE: When talking about the first three malware that is full-featured Remote Access Tool(RAT) which are capable of running arbitrary commands, performing system reconnaissance, and data exfiltrating. The above all is used to act and treat the target cryptocurrency exchanges and related entities. six different types of COPPERHEDGE are identified to date.

After that, PEBBLEDASH is similar to TAINTEDSCRIBE which normally a family member of trojan which has capabilities to download, upload, delete and execute files and it also enables CLI access which helps to terminate the process.

Cyber Spying Threat Significant Role

Have you guys remembered about the WannaCry ransomware infection outrage in 2017 which is also known as Wanna Decryptor, with this outrage hackers hack system and forcefully extract a Windows SMB exploit, dubbed Etrenalblue that may help to take a remote hacker to hijack unpatched windows computer and in return, they usually demand more than $600 in Ransome? The attack has been traced to Hidden Cobra.

The Lazarus Group is responsible for all that stuff and they almost $571 million worth of cryptocurrency from online exchanges.

In March 2020, The US Department of Justice(DoJ) charged two Chinese nationals working on behalf of North Korean threats to allegedly launder over 100$ million worth of stolen cryptocurrency by using Apple iTunes Gift cards.

Found this article informative? Follow Vednam on Facebook, Twitter, Mix, Tumbler, and Linkedin to know more exclusive content we post.