U.S.Cyber Command releases 11 malware samples linked with North Korean government hackers

• Most of these samples are tied to the notorious Lazarus Group which has been active since at least 2009.
• The Cyber Command has discovered several samples that are similar or close to the well-known malware called HOPLIGHT.

U.S. Cyber Command has shared 11 malware samples with VirusTotal, which are believed to be linked with North Korean government hacker groups. Most of these samples are tied to the notorious Lazarus Group which has been active since at least 2009.

What is the name of the malware?

The Cyber Command has discovered several samples that are similar or close to the well-known malware called HOPLIGHT. HOPLIGHT is a trojan that is primarily involved in gathering information from victims’ systems. It uses a public SSL certificate for secure communications with attackers.

Highlighting the increase in malicious activities by North Korean hackers, FireEye Managing Principal Threat Analyst Andrew Thompson said, “The signal to [North Korea] that their activities are attributable does matter. The significance is [North Korea] can’t just do whatever they want to do with anonymity. That’s behavior shaping,” Cyberscoop reported.

What is the significance?

The new discovery comes to light weeks after the United Nation warned that North Korea has used dozens of cyberattacks to fund its nuclear weapons program.

How is Cyber Command addressing it?

Cyber Command has informed all the organizations in the private sector through the Department of Homeland Security (DHS). The forewarning is a part of a practice Cyber Command has been following since earlier this July.

The U.S.government, through the FBI and DHS’s Cybersecurity and Infrastructure Security Agency, had already warned about HOPLIGHT this April in a joint alert. The alert was to enable network defense and reduce exposure to the North Korean government malicious cyber activity.