According to an FBI and DHS warning, the Hidden Cobra hacker team in North Korea is using Joanap and Brambul malware to attack and access networks, primarily targeting media, aerospace, financial, and infrastructure companies.
Joanap, a remote access tool, can secretly receive commands from Hidden Cobra.
Brambul, a brute-force authentication worm, tries to gain access to networks by brute-forcing logins.
The impact can potentially result in:
- Temporary/permanent loss of sensitive or proprietary information
- Disruption to regular business operations
- Financial losses from system restoration
- Harm to a company’s reputation
To mitigate such threats, MSSPs and organizations should:
- Keep OS and software up-to-date with the latest patches. Most attacks target vulnerable applications and exploitable entry points.
- Restrict users’ permissions to install and run software applications. This limits malware spread and effectiveness.
- Scan and remove suspicious email attachments. If a user opens a malicious attachment and enables macros, the embedded code will execute the malware on the machine.
- Disable Microsoft’s File and Printer Sharing, if not required. If needed, use strong passwords or AD authentication.
- Configure firewalls to deny unsolicited connection requests.
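
As an added example (not part of the FBI/DHS warning), this read-only PowerShell audit checks a Windows host against the last two mitigations in the list. It assumes the built-in NetAdapter and NetSecurity modules and an English-language firewall group name; the function name Get-SharingExposure is made up for this example.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Assumes Windows 8 / Server 2012 or later (NetAdapter and NetSecurity modules).
function Get-SharingExposure {
    [CmdletBinding()]
    param()

    # 1. Adapters with "File and Printer Sharing for Microsoft Networks"
    #    (component ms_server) still bound.
    Get-NetAdapterBinding -ComponentID ms_server -ErrorAction SilentlyContinue |
        Where-Object Enabled |
        ForEach-Object {
            [pscustomobject]@{
                Check  = 'AdapterBinding'
                Item   = $_.Name
                Detail = 'File and Printer Sharing is bound to this adapter'
            }
        }

    # 2. Enabled inbound allow rules in the File and Printer Sharing group.
    #    ActiveStore returns the effective policy, Group Policy included.
    #    The display group name is locale dependent (English assumed here).
    Get-NetFirewallRule -PolicyStore ActiveStore `
            -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            [pscustomobject]@{
                Check  = 'FirewallRule'
                Item   = $_.DisplayName
                Detail = "Inbound allow rule enabled for profile(s): $($_.Profile)"
            }
        }

    # 3. Profiles that are switched off or allow unsolicited inbound
    #    connections by default.
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -eq 'False' -or $_.DefaultInboundAction -eq 'Allow' } |
        ForEach-Object {
            [pscustomobject]@{
                Check  = 'FirewallProfile'
                Item   = $_.Name
                Detail = "Enabled=$($_.Enabled); DefaultInboundAction=$($_.DefaultInboundAction)"
            }
        }
}

# An empty result means none of the three checks found an exposure.
Get-SharingExposure | Format-Table -AutoSize -Wrap
```

Where sharing is not required, the matching changes are Disable-NetAdapterBinding with -ComponentID ms_server, Disable-NetFirewallRule for the same display group, and Set-NetFirewallProfile with -DefaultInboundAction Block.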