CISA, an agency under the U.S. Department of Homeland Security, and the FBI have released details on malware known to be used by North Korean cyber actors.
For details, see the Reference above.
North Korean Malicious Cyber Activity
On August 26, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation, and U.S. Cyber Command identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to the group behind this activity as BeagleBoyz, a subset of HIDDEN COBRA.
- August 26, 2020: Joint Technical Alert (AA20-239A): FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks
- August 26, 2020: Malware Analysis Report (10301706-1.v1): North Korean Remote Access Tool: ECCENTRICBANDWAGON
- August 26, 2020: Malware Analysis Report (10301706-2.v1): North Korean Remote Access Tool: VIVACIOUSGIFT
- August 26, 2020: Malware Analysis Report (10257062-1.v2): North Korean Remote Access Tool: FASTCASH for Windows
The information contained in the alerts and MARs listed below is the result of analytic efforts between the U.S. Department of Homeland Security, the U.S. Department of Defense, and the Federal Bureau of Investigation to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government. Each MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.
See the listing below for previous alerts and Malware Analysis Reports (MARs) on North Korea’s malicious cyber activities.
- August 19, 2020: Malware Analysis Report (10295134.r1.v1) – North Korean Remote Access Trojan: BLINDINGCAN
- May 12, 2020: Malware Analysis Report (1028834-1.v1) – North Korean Remote Access Tool: COPPERHEDGE
- May 12, 2020: Malware Analysis Report (1028834-2.v1) – North Korean Trojan: TAINTEDSCRIBE
- May 12, 2020: Malware Analysis Report (1028834-3.v1) – North Korean Trojan: PEBBLEDASH
- April 15, 2020: Alert (AA20-106A) Guidance on the North Korean Cyber Threat
- February 14, 2020: Malware Analysis Report (10265965-1.v1) – North Korean Trojan: BISTROMATH
- February 14, 2020: Malware Analysis Report (10265965-2.v1) – North Korean Trojan: SLICKSHOES
- February 14, 2020: Malware Analysis Report (10265965-3.v1) – North Korean Trojan: CROWDEDFLOUNDER
- February 14, 2020: Malware Analysis Report (10271944-1.v1) – North Korean Trojan: HOTCROISSANT
- February 14, 2020: Malware Analysis Report (10271944-2.v1) – North Korean Trojan: ARTFULPIE
- February 14, 2020: Malware Analysis Report (10271944-3.v1) – North Korean Trojan: BUFFETLINE
- February 14, 2020: Malware Analysis Report (10135536-8.v4) – North Korean Trojan: HOPLIGHT
(updates October 31, 2019: Malware Analysis Report (10135536-8) – North Korean Trojan: HOPLIGHT, which updated April 10, 2019: Malware Analysis Report (10135536-8) – North Korean Trojan: HOPLIGHT)
- September 9, 2019: Malware Analysis Report (10135536-21) – North Korean Proxy Malware: ELECTRICFISH
(updates May 9, 2019: Malware Analysis Report (10135536-21) – North Korean Tunneling Tool: ELECTRICFISH)
- September 9, 2019: Malware Analysis Report (10135536-10) – North Korean Trojan: BADCALL
(updates February 13, 2018: Malware Analysis Report (MAR-10135536-G) – North Korean Trojan: BADCALL and STIX file for MAR-10135536-G)
- October 2, 2018: Alert TA18-275A - HIDDEN COBRA FASTCash Campaign
- October 2, 2018: Malware Analysis Report MAR-10201537 - HIDDEN COBRA FASTCash-Related Malware
- August 9, 2018: Malware Analysis Report (10135536-17) – North Korean Trojan: KEYMARBLE
- June 14, 2018: Malware Analysis Report (10135536-12) – North Korean Trojan: TYPEFRAME
- May 29, 2018: Alert: (TA18-149A) HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
- May 29, 2018: Malware Analysis Report (MAR-10135536-3) – HIDDEN COBRA RAT/Worm
- March 28, 2018: Malware Analysis Report (MAR-10135536.11) – North Korean Trojan: SHARPKNOT
- February 13, 2018: Malware Analysis Report (MAR-10135536-F) – North Korean Trojan: HARDRAIN
- December 21, 2017: Malware Analysis Report (MAR-10135536) – North Korean Trojan: BANKSHOT
- November 14, 2017: Alert (TA17-318A) HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL
- November 14, 2017: Alert (TA17-318B) HIDDEN COBRA – North Korean Trojan: Volgmer
- August 23, 2017: Malware Analysis Report (MAR-10132963) – Analysis of Delta Charlie Attack Malware
- June 13, 2017: Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
- May 12, 2017: Alert (TA17-132A) Indicators Associated With WannaCry Ransomware
WRITTEN BY
- J cert
Freedom of Liberty and the establishment of a law to establish the law of cyberspace will defend freedom and try to build a just society.