This week, FBI officials sent out a warning about the password-stealing malware, Joanap.
According to The Department of Homeland Security and the FBI, North Korean hackers have been using:
- A remote access tool (RAT), commonly known as Joanap;
- and a Server Message Block (SMB) worm, commonly known as Brambul
Officially, the U.S. Government has been referring to malicious cyber activity by the North Korean government as HIDDEN COBRA.
It is believed by the government that HIDDEN COBRA has been in operation since 2009, with the goal to target victims within the media, aerospace, financial, and critical infrastructure sectors.
Who has been affected?
The U.S. is not the only country to be touched by HIDDEN COBRA. Upon discovery, the U.S. government has identified 87 more compromised network nodes used as part of the hacking campaign in the following countries:
Argentina, Brazil, China, Egypt, Iran, Pakistan, Spain, Sweden, Tunisia, Belgium, Cambodia, Columbia, India, Joran, Saudia Arabia, Sri Lanka, Taiwan, United States
What does Joanap do?
Joanap can receive commands issued by the hackers remotely from a command-and-control server.
Possible impacts of Joanap include:
- Temporary or permanent loss of sensitive or proprietary information
- Disruption of regular operations
- Financial losses incurred to restore systems and files
- Harm to an organization’s reputation
More technically speaking, through Joanap, hackers can steal data, run further malware and initialize proxy communications on a compromised Windows device.
Once the malware has gained unauthorized access, it communicates information about victim’s systems to the hackers via email. This includes sensitive information like:
- IP address
Additionally, it has been declared that the malware, Brambul, is a brute-force worm.
A brute-force attack is when computer software generates every possible combination of letters, digits, and special symbols to determine the password. With a strong enough computer (and weak enough passwords) hackers can crack passwords in milliseconds.
How can you protect yourself?
To begin, it’s crucial to determine if your operating systems and software is up-to-date. Out-of-date or vulnerable operating systems are often a point of attack.
Other security recommendations include:
- Update your antivirus software
- Restricting access to installing and running unwanted software applications
- Reinforce your passwords with two-step authentication
- Ensure your passwords are up to par
Download EZPD now to take a step toward password protection and security against Joanap.