North Korea doesn't use Soviet 60's Surplus to Hack

The evening news would have you believe that North Korea is devoid of modern western technology or organisation. Apparently, there was an excellent DVD collection a while back…

Basically, they’re all the new silent service. Gone are the days where an author would just write a virus to destroy a file system in an insidious way. Nah, a silent sleep agent, kill or wake switch is a great way to amass a new digital weapon.

  • Hoplight – Trojan malware variants
  • Bistromath – malware descriptions Trojan[Backdoor]/Win32.Androm
  • Slickshoes – Trojan/Win32.Agent
  • Hotcroissant – Trojan malware variants, 94.177.123.138
  • Artfulpie – malware descriptions Trojan.Win32.Heur.098
  • Buffetline – full-featured beaconing implant
  • Crowded Flounder – Themida-packed Remote Access Trojan (RAT)
Picture of North Korean Leader Giving “sick coding” lessons to his cyber arms division

From CISA https://www.us-cert.gov/privacy/notification

North Korean Malicious Cyber Activity

02/14/2020 07:40 AM EST

Original release date: February 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review the Malware Analysis Reports for each malware variant listed above and the North Korean Malicious Cyber Activity page for more information.