The FBI discovered malware that is believed to originate from North Korea and, together with US Cyber Command and the DHS (Department of Homeland Security), issued a security statement. The document contains information on the six pieces of malware that the North Korean hackers are using.
The Cyber National Mission Force announced that the North Korean hackers are spreading the malware via phishing campaigns.
According to the authorities, the malware allows the North Korean hackers to sneak their way into infected systems. Their purpose was to steal money, which they then transferred back to North Korea as a way of avoiding the economic sanctions. This is not the first time the North Korean government has used hackers to steal money and cryptocurrency. The purpose of these actions is to fund its nuclear plans and missile programs while avoiding the economic sanctions. US agencies discovered six pieces of malware: Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie, and Buffetline. The official website and Twitter account of DHS and US Cyber Command have complete details about the malware.
The Lazarus Group is blamed
The Cybersecurity and Infrastructure Security Agency (CISA) believes that the North Korean hacker group Lazarus was behind the attack. One of the largest and most active hacker groups in North Korea, it also works under an alias, Hidden Cobra. According to the DOJ (Department of Justice), Lazarus was also involved in attacks in 2014, 2016 and 2017. The attacks are known as the Sony hack, the Bangladesh Bank attack, and the WannaCry ransomware outbreak.
In the past, when the FBI discovered malware, the US avoided making statements about cybersecurity attacks. Recently, however, it has adopted a new name-and-shame approach to deal with this issue. So it became natural for US Cyber Command to publish details of the malware on its Twitter handle, along with the nation responsible.