DHS and FBI Publish Report Warning of New Trojan From North Korea

North Korean Hacking Group Releases New Trojan

The U.S. Department of Homeland Security and the Federal Bureau of Investigation have issued a joint malware analysis report highlighting a new Trojan used by the North Korean hacking group Lazarus.

The report, published on the US-CERT website, states that the new Trojan, dubbed Hoplight, was identified while tracking the malicious cyber activity of the North Korean-backed hacking group Lazarus, also known as Hidden Cobra. The report contains a detailed analysis of nine malicious executable files associated with Hoplight.

Seven of the nine files are proxy applications that mask the traffic between the malware and its operators.

Of the remaining two files, one contains a public SSL certificate, and its payload appears to be encoded with a password or key. The last file does not contain any of the public SSL certificates, but it attempts outbound connections.
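When triaging files like the one described above, the first thing an analyst usually wants is the embedded certificate itself: who it was issued to, and by whom. The Python below is an added example, not code from the DHS/FBI report or from PC Matic. It carves DER-encoded X.509v3 certificates out of an arbitrary byte blob using only the standard library and reports the issuer and subject common names. The sample binary is constructed inline: the certificate inside it is hand-built and unsigned, and the names `Example Root CA` and `proxy.example.net`, the padding bytes, and the deliberately broken SEQUENCE header at the end are all assumptions made for the example. The broken header is there to show how a false-positive hit on the `30 82` pattern is rejected by the bounds checks rather than crashing the scan.

```python
"""Carve DER-encoded X.509 certificates out of an arbitrary binary.
Added example for this post, not code from the DHS/FBI report or from PC Matic.
SAMPLE_BINARY is constructed: padding around a hand-built, structurally valid but
unsigned dummy certificate, plus a broken SEQUENCE header at the end."""
import re

OID_COMMON_NAME = bytes.fromhex("550403")             # 2.5.4.3 commonName
OID_SHA256_RSA = bytes.fromhex("2A864886F70D01010B")  # 1.2.840.113549.1.1.11
OID_RSA = bytes.fromhex("2A864886F70D010101")         # 1.2.840.113549.1.1.1

def _read_tlv(buf, pos):
    """One ASN.1 TLV at pos -> (tag, content, next_pos); None if it runs off the end."""
    if pos + 2 > len(buf):
        return None
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            return None
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        return None
    return tag, buf[pos:pos + length], pos + length

def _children(content):
    """Yield (tag, content) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(content):
        tlv = _read_tlv(content, pos)
        if tlv is None:
            return
        tag, body, pos = tlv
        yield tag, body

def _common_name(name_der):
    """CN from an X.501 Name: SEQUENCE OF SET OF SEQUENCE { OID, value }."""
    for tag, rdn in _children(name_der):
        for tag2, atv in (_children(rdn) if tag == 0x31 else ()):
            parts = list(_children(atv)) if tag2 == 0x30 else []
            if len(parts) == 2 and parts[0] == (0x06, OID_COMMON_NAME):
                return parts[1][1].decode("utf-8", "replace")
    return None

def carve_certificates(blob):
    """Return [(offset, issuer_cn, subject_cn)] for every X.509v3 cert found in blob."""
    found = []
    # A cert with a real-sized signature starts SEQUENCE + two-byte length: 30 82 xx xx.
    for match in re.finditer(rb"\x30\x82", blob):
        off = match.start()
        outer = _read_tlv(blob, off)
        if outer is None:                              # length runs past the buffer
            continue
        parts = list(_children(outer[1]))
        # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
        if [p[0] for p in parts] != [0x30, 0x30, 0x03]:
            continue
        tbs = list(_children(parts[0][1]))
        # v3 TBSCertificate: [0] version, serial, sigalg, issuer, validity, subject, spki, ...
        if len(tbs) < 7 or tbs[0][0] != 0xA0 or tbs[1][0] != 0x02:
            continue
        issuer, subject = tbs[3], tbs[5]
        if issuer[0] != 0x30 or subject[0] != 0x30:
            continue
        found.append((off, _common_name(issuer[1]), _common_name(subject[1])))
    return found

# --- constructed sample input; every name and byte below is an assumption ---
def _tlv(tag, content):
    """Minimal DER TLV encoder, used only to build the dummy certificate."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _name(cn):
    atv = _tlv(0x30, _tlv(0x06, OID_COMMON_NAME) + _tlv(0x0C, cn.encode()))
    return _tlv(0x30, _tlv(0x31, atv))

def build_dummy_certificate(issuer_cn, subject_cn):
    """Structurally valid X.509v3 DER carrying a dummy (not real) RSA-2048 signature."""
    sigalg = _tlv(0x30, _tlv(0x06, OID_SHA256_RSA) + _tlv(0x05, b""))
    spki = _tlv(0x30, _tlv(0x30, _tlv(0x06, OID_RSA) + _tlv(0x05, b""))
                + _tlv(0x03, b"\x00" + b"\x01" * 64))
    validity = _tlv(0x30, _tlv(0x17, b"190101000000Z") + _tlv(0x17, b"200101000000Z"))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01\x02\x03")
               + sigalg + _name(issuer_cn) + validity + _name(subject_cn) + spki)
    signature = _tlv(0x03, b"\x00" + b"\xAB" * 256)     # dummy 2048-bit signature bits
    return _tlv(0x30, tbs + sigalg + signature)

SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 60 + b"proxy config placeholder\x00"
    + build_dummy_certificate("Example Root CA", "proxy.example.net")
    + b"\x00" * 40 + b"\x30\x82\xff\xff"                # SEQUENCE whose length runs off the end
)
```

Calling `carve_certificates(SAMPLE_BINARY)` returns one hit, at the offset where the dummy certificate begins, with issuer CN `Example Root CA` and subject CN `proxy.example.net`; the trailing `30 82 ff ff` is discarded because its declared length exceeds the buffer. On a real sample, run the same function over the file bytes and over each dropped file; a certificate whose subject belongs to an unrelated, well-known domain is exactly the kind of indicator worth pivoting on. The scanner keys on the two-byte-length form because any certificate carrying an RSA signature of realistic size is at least 256 bytes long; a PEM-armored certificate would need a separate base64 pass before this carver sees it.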

The Hoplight Trojan can read, write and move files, enumerate system drives, create and terminate processes, inject into running processes, create, start and stop services, modify registry settings, connect to a remote host, and upload and download files. The malware can also open and bind to a socket, and it uses a public SSL certificate for its encrypted communications.

PC Matic users, rest assured you are entirely protected from this newly found Trojan. The nine executable files would not be able to run on any computer that has PC Matic's whitelist protection running, as none of the files are known, trusted programs.


9 thoughts on “DHS and FBI Publish Report Warning of New Trojan From North Korea”

    1. It all depends on the individual software capabilities. In order to be certain, you would need to check with the maker of the software you’re questioning. However, you are absolutely correct — the inability to switch operating systems seamlessly does prevent people from switching. We are even seeing this with users going from Windows 7 to Windows 10 because not all legacy systems are operational on a Win10 OS.

  1. I can add that the International Space Station switched to Linux a couple years ago. They can’t afford to be hacked on any of their systems. They still manage to do live video interviews with news networks in Canada. Banks, governments, anyone who has highly sensitive information like medical records, credit card info, etc. could benefit from a sustained conversion program to a safer operating system. It’s not just the software, unless you need an excuse.

    Then again, why should I worry? As long as hackers are focussed on the Windows OS’s, I’m not a target on their hit list. The only problem I’ve had in 10 years, was a memory-resident problem on my router. A quick reboot, and it was gone. My ISP must pull their hair out at times with DDOS attacks, but I’m safe.

  2. I have to assume that these trojans were written to function in Windows environments. Windows of any vintage? I keep one XP machine and one Win-7 machine functioning, but I do very little on them, and limit my exposure to malware. The rest of my serious surfing, e-mail etc. is done on Linux (Mint). Long term storage (NAS) is on a BSD based distro using ZFS file system and log-in security. I have had no malware of any kind, but I also admit I’m a safe surfer. Occasionally I’ll use a Linux based anti-malware program to scan my hard drive for anything embedded in e-mails. I don’t want to pass them on to Windows users.

    My one question would be why are Windows users so reluctant to switch to a safe operating system in light of all the ransomware, and the costs involved? Why do Windows users keep buying the latest version of the Ford Edsel? I don't mean to put you out of business, but why are people so dumb? Even those German and other European communities that switched to Linux, and then went back to Windows must not have had security in mind, and why their IT people don't keep them safe, I still can't figure out.

    Ok, a second question, since the two main N.A. operating systems are Windows and Mac, is Mac a target too, or just Windows?

    What’s wrong with the intellect of the western world? Is IT job security the main issue?

    1. The short answer — it depends. The exact method these files are being distributed has not been determined, so it’s unclear if they are using email, program security holes, or piggybacking from another malware. If you’re running PC Matic on your Android device, the whitelist will prevent Hoplight from successfully running. But, if you’re not using whitelist protection, your devices may be susceptible to attack.
