On 12 May we "celebrated" the third anniversary of the arrival of the WannaCry ransomware, one of the most devastating and widespread malware outbreaks ever seen online.
On the same day, US cybersecurity officials released reports on three strains of malware that, according to the US government, have been used by North Korean state-sponsored hackers against targets around the world.
The 2017 WannaCry ransomware, also known as Wanna Decryptor, spread by means of EternalBlue, an exploit for a vulnerability in Windows SMBv1 (patched by Microsoft as MS17-010), which let the attackers take over Windows computers, encrypt their files and demand a Bitcoin ransom that rose to $600. The attack has since been attributed to Hidden Cobra.
The three new malware strains
US officials have identified the following three malware strains:
The first is a remote access trojan (RAT) capable of executing arbitrary commands, performing system reconnaissance and exfiltrating data. Six distinct variants have been identified.
The second is a trojan installed on compromised systems to receive and execute the attacker's commands. The samples use FakeTLS (a handshake that mimics TLS records to blend in with legitimate traffic) for session authentication, and encrypt their network traffic with an algorithm based on a Linear Feedback Shift Register (LFSR).
The third can download, upload, delete and execute files; enable access to the Windows command line; create and terminate processes; and enumerate the target system.
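To make concrete why analysts single out LFSR-based encryption, here is an added example (it is not code from the reports, nor the malware's actual algorithm) of a toy LFSR stream cipher together with the known-plaintext attack that breaks it. The 16-bit register, the feedback taps, the seed and the sample beacon are all assumptions made for illustration:

```python
"""Added example (not from the CISA reports): a toy LFSR stream cipher and
the known-plaintext state recovery that makes such schemes unfit for
protecting C2 traffic. The 16-bit register, its feedback taps, the seed and
the sample message are arbitrary choices; the real malware's parameters are
not given in the article."""

WIDTH = 16
# Feedback taps of x^16 + x^14 + x^13 + x^11 + 1, written as bit positions
# of the register (a textbook maximal-length choice; assumed here).
TAPS = (0, 2, 3, 5)


def lfsr_keystream(state: int, nbytes: int) -> bytes:
    """Fibonacci LFSR: emit the low bit, shift right, feed the XOR of the taps in at the top."""
    if not 0 < state < (1 << WIDTH):
        raise ValueError("state must be a non-zero %d-bit value" % WIDTH)
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for bit in range(8):
            byte |= (state & 1) << bit          # keystream bit = current low bit
            fb = 0
            for t in TAPS:
                fb ^= (state >> t) & 1
            state = (state >> 1) | (fb << (WIDTH - 1))
        out.append(byte)
    return bytes(out)


def xor_crypt(state: int, data: bytes) -> bytes:
    """Encrypt or decrypt (the operation is symmetric) by XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, lfsr_keystream(state, len(data))))


def recover_state(ciphertext: bytes, known_plaintext: bytes) -> int:
    """Known-plaintext attack: each output bit is the register's low bit before
    a shift, so the first WIDTH keystream bits *are* the initial state, and
    WIDTH/8 bytes of known plaintext hand over the whole key."""
    need = WIDTH // 8
    if len(known_plaintext) < need or len(ciphertext) < need:
        raise ValueError("need at least %d bytes of known plaintext" % need)
    keystream = bytes(c ^ p for c, p in zip(ciphertext[:need], known_plaintext[:need]))
    return int.from_bytes(keystream, "little")


def decrypt_with_known_prefix(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Recover the key from a predictable prefix, then decrypt the whole message."""
    return xor_crypt(recover_state(ciphertext, known_prefix), ciphertext)


if __name__ == "__main__":
    # Constructed sample: a made-up beacon whose fixed "ID" header is predictable.
    beacon = b"ID=0042;HOST=WS-17;USER=alice;CMD=idle"
    key = 0xACE1                                  # attacker's secret register seed
    wire = xor_crypt(key, beacon)
    # An analyst who knows only that every beacon starts with "ID" gets the rest.
    print(hex(recover_state(wire, b"ID")), decrypt_with_known_prefix(wire, b"ID"))
```

Because every keystream bit is a linear function of the register contents, a couple of bytes of predictable plaintext (a fixed message header, for instance) reveal the whole key and the rest of the session decrypts; larger registers fall the same way to the Berlekamp-Massey algorithm, which recovers an LFSR of length L from 2L keystream bits. This is the kind of weakness that lets analysts reconstruct C2 traffic from a packet capture without ever touching the implant's key.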
The Hidden Cobra hacking group
The material, published as a set of documents known as malware analysis reports (MARs), details the activity of Hidden Cobra, an advanced persistent threat (APT) group that the United States government has previously linked to the North Korean government.
According to the US government, Hidden Cobra frequently targets financial institutions such as banks, cryptocurrency exchanges and ATM networks for financial gain. It was not immediately clear, however, which specific security incidents, if any, the US government intended to expose with this information-sharing effort.
In 2017 WannaCry, with Hidden Cobra behind it, infected some 200,000 computers in at least 150 countries, causing serious disruption, among many other victims, to hospitals across the United Kingdom's National Health Service. Fortunately, according to industry studies, WannaCry infections have fallen by 91% over the past year since that peak.
One trend that has unfortunately not declined is that of more targeted attacks, such as those carried out by APT groups, which are clearly on the rise. These are attacks aimed at companies and organisations even more than at individuals. For this reason, the re-emergence of these criminal hacker groups is cause for more than a little concern.
Who is the Lazarus hacking team?
Lazarus and Hidden Cobra appear to be the same entity under different names, used for different kinds of cyber attack. It also seems that the US government first used "Hidden Cobra" as the name of its reporting on the group's operations, and that the name was only later adopted for the group itself, replacing Lazarus.
The Lazarus group is also held responsible for stealing over $571 million in cryptocurrency from online exchanges; these attacks led the US Treasury to sanction the group and its two sub-groups, Bluenoroff and Andariel, last September.
The Lazarus group, which hit Sony Pictures in 2014 and the central bank of Bangladesh in 2016, now appears to be behind numerous attacks originating from North Korea; the group is far from beaten.