Wednesday, May 30, 2018

Big time malware from North Korea can disrupt businesses, maybe hack sites and capture domain names

US-CERT has issued a two-part report regarding the Hidden Cobra RAT worm, as well as the Joanap Backdoor Trojan and Brambul Server Message Block Worm; summary here.
These appear to originate from North Korea and are primarily directed at industrial companies. The description of the RAT worm is exceptionally detailed. Part of the worm includes a powerful password cracker.

I am also aware of instances where a domain, perhaps one with political significance, has been hacked and the domain actually removed from registration by hacking, after replacement with malware bots. This is likely to be foreign and might be related to North Korea. I’ll report more details when they are available. Trend Micro and Windows Defender have reported detecting this problem.

