FBI & AFOSI working together to decimate the North Korean Joanap botnet

  • Joanap, a remote access tool (RAT) created by a North Korean hacking group, has been active since 2009.
  • The Department of Justice (DOJ) publicly announced its operation on January 30, 2019, to take down the Joanap botnet, with collaboration between the Federal Bureau of Investigation (FBI) and the Air Force Office of Special Investigations (AFOSI).

The Joanap botnet, which made news back in 2009 by affecting computer systems globally, is now on the radar of law enforcement agencies. The US Department of Justice (DOJ), through the FBI and along with the Air Force Office of Special Investigations (AFOSI), is cracking down to eliminate the RAT-based botnet.

On January 30, 2019, the DOJ announced a mission to ‘map and further disrupt’ Joanap after it indicted North Korean hacker Park Jin Hyok, believed to be part of the group that created the malware.

Combined might of the federal agencies

Assistant Attorney General for National Security John Demers, United States Attorney Nicola T. Hanna, Assistant Director in Charge (ADIC) Paul Delacourt of the FBI’s Los Angeles Field Office and the U.S. Air Force Office of Special Investigations jointly made the announcement.

“While the Joanap botnet was identified years ago and can be defeated with antivirus software, we identified numerous unprotected computers that hosted the malware underlying the botnet. The search warrants and court orders announced today as part of our efforts to eradicate this botnet are just one of the many tools we will use to prevent cybercriminals from using botnets to stage damaging computer intrusions,” said Attorney Hanna in the announcement.

Essentially, the FBI and AFOSI would collect metadata from infected computers so that they can map the presence of Joanap worldwide.

Despite many antimalware programs working to stop Joanap, it is believed that some systems might still be infected with the malware. Since it operates through peer-to-peer connections, every infected computer becomes a part of the C&C system of the botnet.

Cyware Publisher