The US Department of Homeland Security said that it has identified malicious cyber activity by the North Korean government, according to a new report released on Thursday, just days after the historic summit between President Donald Trump and North Korean dictator Kim Jong Un.
This malware variant is known as TYPEFRAME, according to the report by the DHS Computer Emergency Readiness Team, noting that “the US Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA”.
Themalware samples that have been checked so far consist of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros. These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim’s firewall to allow incoming connections.
C&C IP’s And Host’s To Block