The US government has identified a new malware campaign, dubbed TypeFrame, that it believes originates from North Korea. The United States Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) issued an advisory on Friday associating the malware with Hidden Cobra, the term the US government uses for North Korean state-sponsored hackers.
The advisory analyzed 11 samples from the TypeFrame campaign: 32-bit and 64-bit Windows executables and a malicious Microsoft Word document containing Visual Basic for Applications (VBA) macros. Most of the samples were remote access trojans (RATs) carrying RC4-encrypted files, and some installed additional, more sophisticated backdoors.
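Samples that carry RC4-encrypted files are a routine analysis chore: recover the key, decrypt the blob, and confirm the result is really an executable before spending time on it. The Python below is an added illustration of that check, not code from the US-CERT report or from the malware; the key and the embedded blob are constructed here for the example, and the report itself does not publish TypeFrame's keys.

```python
"""RC4 payload recovery with a PE sanity check.

Added example. The key (KEY) and the embedded blob (ENCRYPTED_BLOB) are
constructed for illustration; they are not taken from any TypeFrame sample.
"""
import struct
from typing import Iterable, List, Optional, Tuple


def rc4_ksa(key: bytes) -> List[int]:
    """RC4 key-scheduling: permute the 256-byte state with the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is a symmetric stream cipher: one routine both encrypts and decrypts."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def looks_like_pe(blob: bytes) -> bool:
    """Cheap PE check: 'MZ' DOS signature and 'PE\\0\\0' at the e_lfanew offset."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return e_lfanew + 4 <= len(blob) and blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_rc4_pe(container: bytes, candidate_keys: Iterable[bytes]) -> Optional[Tuple[bytes, bytes]]:
    """Try each candidate key; return (key, decrypted) for the first that yields a PE."""
    for key in candidate_keys:
        decrypted = rc4_crypt(key, container)
        if looks_like_pe(decrypted):
            return key, decrypted
    return None


def build_fake_pe() -> bytes:
    """Constructed stand-in for a dropped executable: minimal MZ/PE headers only."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)   # e_lfanew -> PE signature at 0x40
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 16


# Constructed sample data: an RC4-encrypted "embedded file" as a dropper might carry it.
KEY = b"constructed-example-key"
ENCRYPTED_BLOB = rc4_crypt(KEY, build_fake_pe())


if __name__ == "__main__":
    hit = find_rc4_pe(ENCRYPTED_BLOB, [b"wrong-guess", KEY])
    print("no PE recovered" if hit is None else f"PE recovered with key {hit[0]!r}")
```

In practice the candidate keys come from the sample itself (a string near the decryption loop, or an argument recovered in a debugger); the PE check keeps a wrong guess from being mistaken for a successful decryption, since RC4 output with the wrong key is just noise.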
"These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim's firewall to allow incoming connections," the advisory read.
Most of the samples were compiled in 2016 and 2017; one was compiled in 2015.
Administrators and users have been advised to report any activity linked to the malware to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or FBI Cyber Watch (CyWatch), and give it "the highest priority for enhanced mitigation."
"NCCIC would like to remind users and administrators to consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts," the advisory read.
US-CERT issued the advisory just days after the historic summit between President Donald Trump and North Korean leader Kim Jong Un in Singapore.
Last month the agency issued a technical alert about two other North Korea-linked malware strains - Joanap and Brambul. In December, the Trump administration blamed North Korea for the widespread WannaCry ransomware that infected hundreds of thousands of computers around the world. Pyongyang dismissed those accusations as baseless.