
The United States Department of Justice (DoJ) announced Wednesday its effort to “map and further disrupt” a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade.

Dubbed Joanap, the botnet is believed to be part of “Hidden Cobra,” an Advanced Persistent Threat (APT) group often known as Lazarus Group and Guardians of Peace and backed by the North Korean government.

Hidden Cobra is the same hacking group that has allegedly been associated with the WannaCry ransomware menace in 2016, the SWIFT Banking attack in 2016, and the Sony Motion Pictures hack in 2014.

Dating back to 2009, Joanap is a remote access tool (RAT) that lands on a victim’s system with the help of an SMB worm called Brambul, which crawls from one computer to another by brute-forcing Windows Server Message Block (SMB) file-sharing services using a list of common passwords.

Once there, Brambul downloads Joanap on the infected Windows computers, effectively opening a backdoor for its masterminds and giving them remote control of the network of infected Windows computers.
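
For defenders, the spreading behaviour described above (one machine brute-forcing SMB logons on one host after another) leaves a trail of failed network logons. The following is an added example, not part of the original article: it flags sources whose failed network logons (Windows Security event ID 4625, logon type 3) hit several distinct hosts within a short window. The flattened log format, the sample records and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry), one per line:
# time, reporting host, event ID, logon type, source IP, target account
SAMPLE = """\
2024-05-06T10:00:01 FS01 4625 3 10.0.0.57 administrator
2024-05-06T10:00:02 FS01 4625 3 10.0.0.57 admin
2024-05-06T10:00:09 FS02 4625 3 10.0.0.57 administrator
2024-05-06T10:00:10 FS02 4625 3 10.0.0.57 admin
2024-05-06T10:00:17 WS11 4625 3 10.0.0.57 administrator
2024-05-06T10:00:18 WS11 4625 3 10.0.0.57 admin
2024-05-06T10:03:40 FS01 4625 3 10.0.0.20 jsmith
2024-05-06T10:03:55 FS01 4625 3 10.0.0.20 jsmith
2024-05-06T10:04:10 FS01 4624 3 10.0.0.20 jsmith
2024-05-06T10:20:00 FS01 4625 2 10.0.0.31 kiosk
"""

def parse(text):
    """Yield (time, host, event_id, logon_type, source_ip, account) tuples."""
    for line in text.splitlines():
        ts, host, eid, ltype, src, user = line.split()
        yield datetime.fromisoformat(ts), host, int(eid), int(ltype), src, user

def smb_spray_sources(events, window=timedelta(minutes=5),
                      min_hosts=3, min_failures=6):
    """Return {source_ip: (distinct_hosts, failures)} for sources whose failed
    network logons inside one sliding window span many hosts.
    Thresholds are hypothetical defaults; tune them to the environment."""
    recent = defaultdict(deque)   # source_ip -> (time, host) still in window
    flagged = {}
    for ts, host, eid, ltype, src, _user in sorted(events):
        if eid != 4625 or ltype != 3:      # only failed *network* logons
            continue
        q = recent[src]
        q.append((ts, host))
        while ts - q[0][0] > window:       # drop entries older than the window
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) >= min_hosts and len(q) >= min_failures:
            # keep the widest spread seen for this source
            flagged[src] = max(flagged.get(src, (0, 0)), (len(hosts), len(q)))
    return flagged

if __name__ == "__main__":
    print(smb_spray_sources(parse(SAMPLE)))
```

On the constructed sample, only the source that fails against three hosts in quick succession is reported; the user who mistypes a password twice on a single server and the failed interactive logon are ignored.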
