FBI, DHS Unveil Details on New Malware from North Korea


At a time when President Trump engaged in a historic meeting with North Korea’s Kim Jong Un, a joint DHS_FBI report has detailed a new trojan originating from South Korea, dubbed Typeframe.

In a report released today, the DHS said the new trojan is able to download and install additional malware, trojans and proxies, modify firewalls and even connect to remote servers for additional malicious instructions.

The joint report pointed the finger at North Korean hacking group Hidden Cobra as the developers and operators of the malware. Federal officials are now distributing the report to help reduce exposure to the malware after discovering 11 samples containing 32-bit and 64-bit Windows executable files and a malicious Word document that contained Visual Basic for Applications (VBA) macros.

The DHS stated:

These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim’s firewall to allow incoming connections.

Further, the US CERT (Computer Emergency Readiness Team) recommended companies and vulnerable targets to follow basic safe practices to remain secure, maintain up-to-date antivirus signatures and malware detection engines.

Other pointers included:

  • Keeping operating system patches up-to-date
  • Disabling File and Printer sharing services or use strong security credentials or Active Directory authentication if those services are essential.
  • Use a strong password policy with regular changes.
  • Restrict users’ permissions to install and use unwanted software.

The US has previously blamed North Korea as the source of the Wannacry cyberattack.

Image credit: Wikimedia.