North Korean Group Launches Two New RATs

June 28, 2018

The U.S. Computer Emergency Readiness Team (US-CERT) and the FBI are issuing an alert to computer users about two new malware families reportedly being used by Hidden Cobra, the hacking group backed by the North Korean government. This group, also known as Lazarus Group and Guardians of Peace, is well known for attacking media organizations, financial institutions, critical infrastructure targets, and aerospace organizations around the world. It was also linked to the infamous WannaCry outbreak last year that took down hospital systems and businesses worldwide. In this recent finding, the group is using two pieces of malware, Joanap and Brambul, to gain remote access to computers.

Joanap is a remote access Trojan (RAT) that, according to US-CERT, typically infects a system once the user visits a malicious website or opens a malicious email attachment. Once deployed, it gives the hacking group the ability to steal information, install and run additional malware, and initiate communications with others. Joanap was found by the U.S. government on 87 network nodes in 17 countries. For IT administrators, the FBI and the Department of Homeland Security have provided downloadable lists of some IP addresses used by this malware; you can use these lists to block them.

Brambul is a worm, specifically a Server Message Block (SMB) worm. It can quickly spread itself to other systems and then use all of those systems for brute-force password attacks driven by a list of passwords. Once Brambul is executed, it sends information about the victims’ systems back to the attackers via email.
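As an added defensive example (not part of the original post or the US-CERT alert), the following Python checks a constructed sample of firewall log lines against a placeholder indicator list of the kind the FBI and DHS published for Joanap, and flags the pattern an SMB worm's spread as described above would leave in SMB authentication logs: one source producing many failed logons fanned out across many hosts. The indicator addresses, log formats and thresholds are constructed assumptions.

```python
from __future__ import annotations
from collections import defaultdict

# Constructed sample indicator list in the style of the FBI/DHS downloadable
# IP list (documentation-range placeholders, not the real indicators).
JOANAP_IOC_IPS = {"203.0.113.7", "198.51.100.23"}

# Constructed firewall log: "<time> <src> <dst> <dport> <action>"
FIREWALL_LOG = """\
2018-06-27T10:00:01 10.0.0.5 203.0.113.7 443 ALLOW
2018-06-27T10:00:02 10.0.0.5 93.184.216.34 443 ALLOW
2018-06-27T10:00:03 10.0.0.9 198.51.100.23 8080 ALLOW
2018-06-27T10:00:04 10.0.0.9 203.0.113.7 443 DENY
"""

# Constructed SMB authentication log: "<time> <src> <dst> <user> <result>"
SMB_AUTH_LOG = """\
2018-06-27T10:05:00 10.0.0.17 10.0.0.20 admin FAIL
2018-06-27T10:05:01 10.0.0.17 10.0.0.20 admin FAIL
2018-06-27T10:05:02 10.0.0.17 10.0.0.21 administrator FAIL
2018-06-27T10:05:03 10.0.0.17 10.0.0.22 admin FAIL
2018-06-27T10:05:04 10.0.0.17 10.0.0.23 admin FAIL
2018-06-27T10:05:05 10.0.0.17 10.0.0.23 admin OK
2018-06-27T10:06:00 10.0.0.30 10.0.0.20 jsmith FAIL
2018-06-27T10:06:30 10.0.0.30 10.0.0.20 jsmith OK
"""


def joanap_c2_contacts(log: str, iocs: set[str]) -> list[tuple[str, str, str]]:
    """Return (src, dst, action) for every connection whose destination is on
    the indicator list, including ones the firewall allowed through."""
    hits = []
    for line in log.splitlines():
        _time, src, dst, _port, action = line.split()
        if dst in iocs:
            hits.append((src, dst, action))
    return hits


def brambul_like_sources(log: str, min_failures: int = 4, min_hosts: int = 3) -> dict[str, set[str]]:
    """Flag sources whose failed SMB logons reach min_failures and fan out
    across at least min_hosts distinct targets; a single user mistyping a
    password against one host stays below both thresholds."""
    failures: dict[str, int] = defaultdict(int)
    targets: dict[str, set[str]] = defaultdict(set)
    for line in log.splitlines():
        _time, src, dst, _user, result = line.split()
        if result == "FAIL":
            failures[src] += 1
            targets[src].add(dst)
    return {src: targets[src] for src in failures
            if failures[src] >= min_failures and len(targets[src]) >= min_hosts}
```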

To prevent this from happening to your computer, there are a few measures you can take:

  • Don’t open links or attachments in unsolicited email messages.
  • Be cautious of the websites you visit, and use good judgment when entering confidential or sensitive information into them. If you don’t see “https:” or a secure indicator in the address bar, don’t enter the information.
  • Always keep systems and software updated with the latest patches and versions of the products.
  • Ensure anti-malware and anti-virus software is installed on each device and that it’s also kept up-to-date.
  • Never give programs and apps administrator rights. The vast majority of them just don’t need it and if they ask, you should really research what the app is trying to do.

Stickley on Security
Published June 27, 2018