FBI and DHS Issue Joanap and Brambul Malware Attack Warning

According to an FBI and DHS warning, the Hidden Cobra hacker team in North Korea is using Joanap and Brambul malware to attack and access networks, primarily targeting media, aerospace, financial, and infrastructure companies.

Joanap, a remote access tool, can secretly receive commands from Hidden Cobra.

Brambul, a brute-force authentication worm, tries to access networks.

US DHS Official Release.

The impact can potentially result in:

  • Temporary/permanent loss of sensitive or proprietary information
  • Disruption to regular business operations
  • Financial losses from System Restoration
  • Harm to a company’s reputation

To mitigate such threats, MSSPs and organizations should:

  • Keep OS and software up-to-date with the latest patches. Most attacks target vulnerable applications and exploitable entry points.
  • Restrict users’ permissions to install and run software applications. This limits malware spread and effectiveness.
  • Scan and remove suspicious email attachments. Malicious attachments can enable macros, and embedded code will execute the malware on the machine.
  • Disable Microsoft’s File and Printer Sharing, if not required. If needed, use strong passwords or AD authentication.
  • Configure firewalls to deny unsolicited connection requests.

Read : McAfee’s research work and in-depth analysis on this topic.


Matthew Newcomb

Author: Matthew Newcomb

Solution Consultant


  • Microsoft Partner for providing Cloud Solutions in Chicago, Illinois
  • Top Managed Security Service Providers (MSSPs) in Chicago, Illinois
  • Inc 5000 Fastest Growing Companies in US
  • Best Managed Security Services Providers in Chicago, Illinois