Major Effort launches by US for disrupting the North Korean Botnet

A notorious botnet's victims are getting notified by the US authorities, as their efforts of disrupting hermit nation's malicious activities increases. This notorious botnet is run by the state-sponsored hackers of North Korea.

The Federal Bureau of Investigation (FBI) along with officers from US AFOSI (Air Force Office of Special Investigations) has been allowed by a court order to operate the servers mimicking the other peers in Joanap botnet.

This enabled them in mapping the extent of botnet and where the infected machines are. Then those machines owners were notified in the next stage, as most of those machines owners don't have any idea that they are unintentionally aiding hacking campaigns of a foreign power. This process is coordinated by the FBI through ISPs and in a few cases by directly communicating with the individuals. In the cases where the victims live abroad, the FBI communicated with the foreign governments.

The Joanap botnet was in operation since the year 2009, enabled by first-stage Brambul worm that targeted the poorly secured machines of Windows. The latter spreads through a hard-coded log-in credentials list, which it uses for brute-forcing its way into the SMB shares. Once the Joanap botnet is dropped, then it started to scan for various other potential victims.

Fully functional RAT, the Joanap malware is able to receive several commands and is linked by US authorities to the "Hidden Cobra" actors of North Korea. It enables them drop additional payloads; exfiltrate data; manage the files, processes as well as nodes; initialize proxy communications in a Windows device that is compromised and create as well as delete directories. As per the May 2018 US-CERT alert, Joanap was found on 87 network nodes that are compromised in countries such as China, Sweden, Spain, Brazil, India and Iran.

"Our efforts have disrupted state-sponsored cyber-criminals who used malware to establish a computer network that gave them the ability to hack into other computer systems," said Nicola Hanna, the US Attorney. Although the Joanap botnet has been identified many years ago, and could be defeated by anti-virus software, Hanna added that they have identified many unprotected computers hosting the malware underlying botnet.

Hanna further said that "the search warrants and court orders announced today as part of our efforts to eradicate this botnet are just one of the many tools we will use to prevent cyber-criminals from using botnets to stage damaging computer intrusions".

» SPAMfighter News - 2/11/2019