US-CERT has issued a joint technical alert from the FBI and DHS warning about two newly identified malware families that have been used continuously by the prolific North Korean APT group known as Hidden Cobra.
Hidden Cobra, also known as Guardians of Peace and the Lazarus Group, is reportedly backed by the North Korean government and is well known for launching attacks on media, financial, aerospace and other critical infrastructure organizations around the world.
The group was directly linked to the WannaCry ransomware outbreak, which last year shut down hospitals and businesses around the world. According to reports, it is also linked to the 2014 hack of Sony Pictures and the 2016 attack on the SWIFT banking network.
Now the Department of Homeland Security (DHS) and the FBI have identified two further malware families that Hidden Cobra has been using since at least 2009 to target media, aerospace, financial and critical infrastructure companies around the world.
The Hidden Cobra malware consists of a Remote Access Trojan (RAT) known as Joanap and a Server Message Block (SMB) worm called Brambul. Here are the details of both malware families linked to the Hidden Cobra hackers.
Server Message Block Worm - Brambul
Brambul is a brute-force authentication worm that, much like the WannaCry ransomware, abuses the Server Message Block (SMB) protocol to spread to other systems.
The 32-bit malicious Windows SMB worm typically runs as a service dynamic link library (DLL) file or as a portable executable file that is dropped and installed on victim networks by malware droppers.
“When it is executed, the malware attempts to establish contact with victim systems and the IP addresses on the victims’ local subnet,” the alert warns.
“If successful, the application attempts to gain unauthorized access via the SMB protocol by launching password attacks using a list of predefined passwords.”
Once Brambul has gained unauthorized access to an infected system, the malware automatically emails information about the victim’s system to the Hidden Cobra hackers. This information includes the IP address and host name, along with the username and password of the victim’s system. The hackers can then use the stolen credentials to remotely access the compromised system via the SMB protocol.
DHS recommends that users and administrators always follow best practices as preventive measures to protect and secure their computer networks, for instance keeping software up to date, disabling SMB, running antivirus software, and prohibiting the execution of unknown software applications.
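As an added illustration (not part of the US-CERT alert or of this article), the following Python script shows how a defender could spot the SMB password-guessing behaviour described above in Windows Security logs: a burst of failed network logons from one source against many accounts, followed by a success. Event IDs 4625 and 4624 with Logon Type 3 are real Windows identifiers; the sample records, thresholds and function names are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, event_id, logon_type, source_ip, target_user).
# 10.0.0.23 guesses six accounts within seconds and then logs on as "admin",
# which is the pattern a Brambul-style worm leaves behind; 10.0.0.51 is a user
# who mistyped a password once.
SAMPLE_EVENTS = [
    ("2018-05-29 10:00:00", 4625, 3, "10.0.0.23", "administrator"),
    ("2018-05-29 10:00:01", 4625, 3, "10.0.0.23", "admin"),
    ("2018-05-29 10:00:01", 4625, 3, "10.0.0.23", "guest"),
    ("2018-05-29 10:00:02", 4625, 3, "10.0.0.23", "test"),
    ("2018-05-29 10:00:02", 4625, 3, "10.0.0.23", "user"),
    ("2018-05-29 10:00:03", 4625, 3, "10.0.0.23", "backup"),
    ("2018-05-29 10:00:04", 4624, 3, "10.0.0.23", "admin"),
    ("2018-05-29 10:05:00", 4625, 3, "10.0.0.51", "alice"),
    ("2018-05-29 10:05:20", 4624, 3, "10.0.0.51", "alice"),
]

def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def detect_smb_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with at least `threshold` failed network logons (4625,
    Logon Type 3) inside any `window`, and note whether a logon then succeeded."""
    failures = defaultdict(list)   # source_ip -> [(time, user)]
    successes = defaultdict(list)  # source_ip -> [(time, user)]
    for ts, event_id, logon_type, src, user in events:
        if logon_type != 3:        # only network (SMB-style) logons are relevant
            continue
        if event_id == 4625:
            failures[src].append((_parse(ts), user))
        elif event_id == 4624:
            successes[src].append((_parse(ts), user))
    alerts = {}
    for src, fails in failures.items():
        fails.sort()
        for i in range(len(fails)):      # sliding window over sorted failures
            burst = [f for f in fails[i:] if f[0] - fails[i][0] <= window]
            if len(burst) >= threshold:
                burst_end = burst[-1][0]
                later = [u for t, u in successes.get(src, []) if t >= burst_end]
                alerts[src] = {
                    "failed_attempts": len(burst),
                    "accounts_tried": sorted({u for _, u in burst}),
                    "success_after_burst": later[0] if later else None,
                }
                break
    return alerts
```

A hit with `success_after_burst` set is the case worth escalating, since the alert notes that Brambul reports the working credentials back to the operators for later SMB access.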
Remote Access Trojan - Joanap
According to the US-CERT alert, the Remote Access Trojan Joanap is a malware that establishes peer-to-peer communications and manages botnets designed to enable other malicious operations.
The malware usually infects a system as a file delivered by other malware, which users unknowingly download when visiting websites compromised by Hidden Cobra or when opening malicious attachments.
Joanap receives commands from a remote command and control server operated by Hidden Cobra, giving the attackers the ability to steal data, install and run additional malware, and initiate alternative communications on a compromised Windows device.
Other Joanap features include file management, process management, directory creation and deletion, botnet management, and node management.