US Cyber Command uploads new malware samples linked to North Korean state-backed financial heists
The samples include loaders, backdoors, and backdoor builders
US Cyber Command has released seven new malware samples linked with malware families used by hacking groups believed to be run from North Korea.
The samples were uploaded to VirusTotal. "These malware samples are currently used for fund generation and malicious cyber activities, including remote access, beaconing, and malware command by malicious cyber actors," the Cyber Command said in a post on Twitter.
Security researchers believe the malware was also likely used by the North Korean hackers in their attacks against the SWIFT (Society for Worldwide Interbank Financial Telecommunication) interbank messaging system.
According to CyberScoop, the FBI recently flagged North Korean-linked malware (not publicly) and also issued an alert providing information on command tools and remote access trojans (RATs) that could enable hackers to remotely access targets' machines, upload/download files, and run some arbitrary code.
The new malware samples include loaders, backdoors, and backdoor builders. According to researchers, they are well written and could also allow attackers to inject a backdoor binary into memory to establish persistence on victims' systems.
Some of them are also capable of recording audio and downloading additional malware modules.
Analysis of the malware samples revealed that one backdoor was capable of uninstalling or updating itself, suggesting that North Korean hackers are currently trying to hide their identities from security teams.
In September, US Cyber Command uploaded 11 malware samples on VirusTotal, many of them linked to Lazarus Group - an umbrella term used to describe the hacking activity carried out to advance the interests of the North Korean government.
Some of those samples were found to be similar to "HOPLIGHT," a trojan used by hackers to collect information on the operating systems of victims' machines.
Earlier, in August, Cyber Command released two malware samples, one of which was a dynamically linked library, while the other was an executable file.
All these announcements come weeks after a UN report that revealed that North Korea had used 35 cyber attacks to steal $2 billion from foreign financial institutions, and spent the money on its weapons programmes.
In September, the US Treasury sanctioned three hacking groups - Lazarus, Bluenoroff and Andariel - all linked with North Korea. The Treasury claimed that these groups were behind the theft of millions of dollars from financial institutions worldwide to help fund Pyongyang's weapons programme.
Just last month, the Nuclear Power Corporation of India also disclosed that one of its biggest nuclear power facilities was compromised by malware in an attack that was believed to have been the work of a North Korean hacking group.