FBI Warns Against North Korean Password-Stealing Malware
The Department of Homeland Security and the FBI revealed this week that North Korean hackers may have been using a remote access tool called Joanap, and a Server Message Blockworm called Brambul, to to target organizations in the media, aerospace, financial, and critical infrastructure sectors.
US authorities say that the hackers, codenamed “Hidden Cobra”, use Joanap to infect a system as a file delivered by other malware which users download unknowingly when they open malicious attachments or visit compromised sites. Meanwhile, Brambul is used to launch a brute-force password attack against an SMB protocol for access to a victim’s networks.
The government alert advised organizations to keep all operating systems and software up-to-date with the latest patches to reduce the number of entry points available to the attacker.