Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

US authorities aim to dismantle North Korea’s Joanap Botnet

FBI and Air Force experts are sinkholing the Joanap botnet to collect information about it and dismantle the malicious infrastrcuture. The U.S. Justice Department declares war to the Joanap Botnet that is associated with North Korea.  The U.S. DoJ announced this week that it is working to dismantle the infamous Joanap botnet, a malicious infrastructure […]

Joanap botnet

FBI and Air Force experts are sinkholing the Joanap botnet to collect information about it and dismantle the malicious infrastrcuture.

The U.S. Justice Department declares war to the Joanap Botnet that is associated with North Korea. 

The U.S. DoJ announced this week that it is working to dismantle the infamous Joanap botnet, a malicious infrastructure that is believed to be associated to Pyongyang.

The FBI and the U.S. Air Force Office of Special Investigations (AFOSI) obtained court orders and search warrants that allow them to conduct sinkholing of the Joanap botnet.

The Joanap bot is a remote access trojan (RAT) that allows the attackers to exfiltrate data from compromised systems, it supports many commands and is also able to drop additional payloads.

The authorities set up servers that mimic the botnet’s communication system in order to collect information on infected systems and share them with ISP and the owners of the compromised computers.

The U.S. authorities will also inform foreign victims through the FBI’s Legal Attaches that works with the law enforcement and security agencies in their countries.

The Joanap botnet has been around since 2009, experts pointed out that the threat is still spreading through unpatched systems and unprotected networks. The bot is delivered by using the Brambul SMB worm that is able to spreads through a network by brute-forcing SMB shares leveraging on a list of hard-coded credentials.

Experts linked both the Joanap and Brambul malware to the North Korea-linked Hidden Cobra APT group.

The Joanap bot infected systems in many industries, including media, aerospace, financial, and critical infrastructure sectors across the world.

“Computers around the world remain infected by a botnet associated with the North Korean Regime,” said Assistant Attorney General John Demers. “Through this operation, we are working to eradicate the threat that North Korea state hackers pose to the confidentiality, integrity, and availability of data. This operation is another example of the Justice Department’s efforts to use every tool at our disposal to disrupt national security threat actors, including, but by no means limited to, prosecution.”

“Through technical means and legal process, the FBI continually seeks to disrupt the malicious cyber activities of North Korean cybercriminals, as in this case, and all cyber actors who pose a threat to the United States and our international partners.” explained ADIC Paul Delacourt,

In June 2018, the FBI filed a complaint against the North Korean citizen Park Jin Hyok, an expert that works for North Korean military intelligence agency Reconnaissance General Bureau (RGB).

The man, also known as Pak Jin Hek, is also linked to the dreaded Lazarus APT Group, according to the authorities it was involved in numerous computer intrusions in which he had used also the Brambul malware to gain unauthorized access to computers.

“Moreover, a complaint was filed on June 8, 2018, charging Park Jin Hyok with a conspiracy to carry out numerous computer intrusions backed by the North Korean government.  That complaint alleged how co-conspirators used Brambul to gain unauthorized access to computers, and then used those computers to carry out the charged malicious cyber activities.  The Brambul worm itself was recovered from the computer networks of some victims of the conspiracy. “

The good news for users is that the Joanap is not effective against updated Microsoft Windows systems running Windows Defender and using Windows Update. Most of the antivirus programs are also able to detect both Joanap and Brambul.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Joanap botnet, North Korea)

[adrotate banner=”5″] [adrotate banner=”13″]