
US Government Warns of New 'Hidden Cobra' Cyberattack Initiated by North Korea

US Government authorities have warned this week that the North Korean APT group Hidden Cobra has launched another dangerous cyberattack using a new form of malware. According to the US Computer Emergency Readiness Team (US-CERT), the new malware is targeting high-profile victims, such as major businesses both in the US and worldwide, and the new threat is by no means less powerful than the attacks conducted under the Hidden Cobra campaign in the past few years. The actors behind these attacks are trying to extract sensitive and proprietary information. However, the malicious tools they distribute can also disrupt the regular operations of infected machines and disable files.

Dubbed Typeframe, the new malware detected by the Department of Homeland Security (DHS) has largely the same functionality as the threats the hacking group has used before. Namely, Typeframe is capable of changing firewall rules, downloading and running additional payloads, and waiting for instructions from a remote-control server. According to the report issued by DHS, 11 different malware samples have been discovered, consisting of 32-bit and 64-bit Windows executable files. Among the discovered items is also a Microsoft Word document containing macros that deploy the malware on the target machines.

The US authorities have attributed two families of malware to the Hidden Cobra group in the past: a remote access tool (RAT) named Joanap, and a Server Message Block (SMB) worm dubbed Brambul.

Joint research by the DHS and the FBI has shown that the IP addresses and the other indicators of compromise of these previous two threats point to malware that is typically developed by the government of North Korea. According to a warning issued at the end of May this year, the two campaigns have been active since at least 2009, and their activity has consisted mostly of tracking infected computers worldwide. The victims of that cyber espionage come from various sectors of the economy, such as infrastructure, media, financial, aerospace, and many others. Among the countries affected by the breaches are Belgium, China, Saudi Arabia, Spain, Sweden, Argentina, and Taiwan.

Experts warn that this type of malware infects systems without users or owners noticing, and if the malicious app manages to establish persistence on the affected machines, it can move through the entire network and infect other connected devices.
