The Pentagon, FBI, and Department of Homeland Security have publicly identified a North Korean hacking campaign as part of a broad information sharing program intended to warn industry against adversarial hacking, CyberScoop has learned.
Many of those malware files exhibit typical remote access trojan (RAT) features.
As part of DHS’ Cybersecurity and Information Security Agency’s effort to share information with the private sector about threats the U.S. government is detecting, the private sector got a heads-up about the North Korean malware in advance, according to multiple sources familiar with the warning.
“These malware samples are currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command by malicious cyber actors,” Cyber Command said in November.
It wasn’t clear why Cyber Command made the decision to explicitly expose the North Korean regime in its latest warning, but a Cyber Command spokesperson told CyberScoop that the attribution took place following FBI attribution of the samples to North Korea.