The US government has released information about three new malware strains used by state-sponsored North Korean hackers.
The new malware strains, named Copperhedge, Taintedscribe and Pebbledash, can perform remote reconnaissance of target systems and exfiltration of sensitive information from them.
A joint advisory has been released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) on the third anniversary of the infamous WannaCry ransomware outbreak, for which North Korea was blamed.
The three new malware strains are the latest addition to a list of more than 20 malware samples that the security agencies have identified as part of a series of malicious cyber activity by the North Korean government, which the US government tracks as Hidden Cobra and which is more widely known as the Lazarus Group.
Copperhedge is a full-featured Remote Access Tool (RAT) that can run arbitrary commands, perform system reconnaissance, and exfiltrate data. It is used by advanced hackers to target cryptocurrency exchanges and related organizations. A total of six different versions of Copperhedge were identified.
Taintedscribe is a backdoor implant that disguises itself as Microsoft’s Narrator screen reader utility. It can download malicious payloads from a command-and-control (C2) server, upload and execute files, and even create and terminate processes.
Pebbledash can download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration.
In 2017, the WannaCry ransomware leveraged a Windows SMB exploit called EternalBlue, which allowed attackers to hijack unpatched Windows computers and hold them for Bitcoin ransom payments of up to $600.
The Lazarus Group was responsible for the theft of more than $571 million worth of cryptocurrency from online exchanges.
Last month, the US government issued guidance on the ‘significant cyber threat’ posed by North Korean state-sponsored hackers to global banking and financial institutions. It also offered a reward of up to $5 million for information about past or ongoing illicit DPRK activities in the cyber realm.