New North Korean malware 'Typeframe' discovered by U.S.
MANILA, Philippines – The United States Department of Homeland Security (DHS), along with the Federal Bureau of Investigation (FBI), has identified a new malware called "Typeframe" being used by North Korea in its cyber campaigns. The report was published on the website of DHS' United States Computer Emergency Readiness Team (US-CERT) on Thursday, June 14.
"Typeframe" may disable or damage computers and computer systems, warned the US security bodies. Found in both 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document, the malware has the "capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control servers to receive additional instructions, and modify the victim's firewall to allow incoming connections," said the DHS report.
"DHS and FBI are distributing this malware analysis report (MAR) to enable network defense and reduce exposure to North Korean government malicious cyber activity," the report indicated.
A MAR is "intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering." The US-CERT encourages individuals to submit potential malware samples through firstname.lastname@example.org.
Eleven major reports (4 joint technical alerts and 7 joint MARs) associated with North Korean government malicious cyber activity have been released since June 2017, a DHS spokesperson told CNN. The reports are collected on this page on the US-CERT website.
The latest report comes out just a few days after the denuclearization meeting between US and North Korean leaders Donald Trump and Kim Jong-Un.
The US has long been aware of North Korea's cyber abilities and campaigns, which it has now classified under the umbrella term "Hidden Cobra." All suspicious, malicious North Korean cyber activities fall under the categorization.
North Korean cyber actors are believed to have been behind the debilitating and widespread WannaCry hack of 2017, the Sony Pictures hack in 2014, and most recently, in February 2018, a campaign targeting international campaigns led by a group called "Reapers." – Rappler.com