North Korea is using a new type of malware to compromise computers as part of the Hidden Cobra campaign, US-CERT reported.
The malware is named Typeframe, and it performs the same functions as other cyber-infections discovered earlier this year, researchers said.
US-CERT said the malware is used by the North Korean government and that its capabilities include downloading and installing other payloads, changing firewall rules, and waiting for instructions from a control center.
The Department of Homeland Security (DHS) discovered 11 malware samples consisting of 32-bit and 64-bit Windows executable files and a Microsoft Word document containing macros used to deploy the malware on target computers.
US-CERT issued alerts regarding Hidden Cobra, a malicious cyber-activity campaign launched by North Korea that includes several forms of malware used to take control of systems and help compromise high-profile targets.
On May 29, a warning reported that North Korea has been using two different families of malware, called Joanap and Brambul, since at least 2009 to track activity on the infected computers. Citing third-party reports, US-CERT said North Korea used Hidden Cobra attacks against targets worldwide and in the United States, including the media, aerospace, financial, and other infrastructure sectors.
Argentina, Belgium, China, Spain, Saudi Arabia, Taiwan, and Sweden have been targets of attacks, US-CERT said.
“Malware often infects servers and systems without the knowledge of system users and owners. If the malware can establish persistence, it could move laterally through a victim’s network and any connected networks to infect nodes beyond those identified in this alert,” US-CERT said in the May post.