The most notorious hacking group originating from North Korea is called APT38 (APT stands for Advanced Persistent Threat). The group is also known under the alias Lazarus and has been active for quite a while. APT38 is known to work for the North Korean government, and its efforts are concentrated on furthering North Korean interests globally. Most hacking groups that are hired by governments tend to operate in a rather conservative manner and make sure they do not cause unnecessary harm to the target's systems. APT38, however, takes no interest in such precautions and will sometimes fully destroy an infiltrated system, since its survival is of no importance to the group. Some members of APT38 are even wanted by the United States' FBI.
Takes over the Command-Line of the System
The NACHOCHEESE threat is part of APT38's arsenal of hacking tools, and even though it may not be among the group's most complex threats, it can prove to be a crucial tool in a campaign. This malware is a command-line hacking tool that APT38 plants on an already compromised system as a second-stage payload. The NACHOCHEESE malware allows the attackers to execute remote commands on the compromised host by taking control of the system's command line.
APT38 Attempts to Trick Researchers
An interesting feature of the NACHOCHEESE threat is that certain parts of its code are written in very poor Russian. It is likely that APT38 tried to confuse cybersecurity experts and perhaps mislead them into believing that the NACHOCHEESE backdoor originates from Russia rather than North Korea. This is a recurring theme when dealing with threats created by APT38. In past campaigns, malware researchers have discovered lines of the group's code written in Chinese, Russian and Iranian. Another trick that APT38 likes to use is to deploy a separate, easily detectable threat on the compromised host as a decoy. This may help NACHOCHEESE remain unnoticed for a longer period.
Since APT38 is government-funded, its threatening activity will probably continue in the future, and we will likely keep seeing new threats created by this notorious hacking group.