Just days after the summit between the U.S. and North Korea, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) issued a warning about a Trojan malware variant known as “TYPEFRAME,” attributed to activity dubbed HIDDEN COBRA, which is believed to be backed by the North Korean government. The malware is designed to damage computer systems and make them vulnerable to future intrusions. This follows earlier warnings that cyber criminals and state actors are now interested in sabotage, as opposed to theft of personal information.
According to the DHS Computer Emergency Readiness Team, “DHS and FBI are distributing this warning to enable network defense and reduce exposure to North Korean government malicious cyber activity.”
The US-CERT Malware Analysis Report (AR18-165A) on TYPEFRAME includes malware distributions attributed to HIDDEN COBRA, and suggests responses and mitigation techniques. It contains 11 malware samples, consisting of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros.
The NCCIC Malware Analysis Report can be accessed here. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.