Skip to main content

US Agencies Publicly Blame North Korea for Numerous Malware Campaigns

(Image credit: U.S. Cyber Command)

Government officials rarely attribute cyber attacks to other countries, but the U.S. made an exception on Valentine's Day, when multiple agencies publicly accused North Korea of conducting several malware campaigns against Western targets.

The accusations were revealed in several Malware Analysis Reports filed by the Department of Homeland Security, FBI and Department of Defense on February 14 as well as a tweet from the official U.S. Cyber Command Malware Alert account.

The agencies blamed North Korea--or, as it's been nicknamed by the U.S. government, HIDDEN COBRA--for the following malware campaigns:

CyberScoop reported that this was one of the first times U.S. agencies have publicly attributed malware campaigns to nation-state actors. It doesn't seem like it will be the last time, though, as a U.S. Cyber Command spokesperson told CyberScoop:

"FBI, through the National Cyber Investigative Joint Task Force, attributed these malware samples to DPRK after rigorous assessment. Associating the FBI's attribution of malware to a nation-state is situation-dependent, based on timing."

The U.S. Cyber Command Malware Alert account on Twitter was a bit more cavalier about the attribution of these malware campaigns to North Korea. A follow-up tweet about the campaigns included an image of candy hearts reading "DPRK Malware."

There's no denying that blaming North Korea for these campaigns is a serious matter; accusing other countries of misbehaving always is. But we think the silly codenames and Valentine's Day meme show that the U.S. is having a bit of fun, too.

  • Giroro
    Somebody should make a virus where all it does is update the infected system to the latest security patch, runs a virus scan, and then it deletes itself.
    Reply
  • pjmelect
    I am puzzled by this, as I understand it North Korea has only a couple of hundred computers and even less of them are connected to the internet. It would be easy to monitor all internet traffic from North Korea as there is so little of it. More likely if North Korea does carry out malware attacks than it is done by agents outside the country. If it is done from outside that country where is the proof that the malware comes from North Korea and not Chinese or other hackers?
    Reply
  • USAFRet
    pjmelect said:
    I am puzzled by this, as I understand it North Korea has only a couple of hundred computers and even less of them are connected to the internet. It would be easy to monitor all internet traffic from North Korea as there is so little of it. More likely if North Korea does carry out malware attacks than it is done by agents outside the country. If it is done from outside that country where is the proof that the malware comes from North Korea and not Chinese or other hackers?
    - While they may have few 'normal' user computers, that does not negate the possibility of having many, many dedicated for govt/military use.

    - Being "North Korean" does not automatically mean they are physically in the boundaries of the country

    - This is not the first time

    - Tools, procedures, code snippets....all can be fingerprinted and might lead back to an earlier usage out of NK
    Reply
  • bit_user
    Giroro said:
    Somebody should make a virus where all it does is update the infected system to the latest security patch, runs a virus scan, and then it deletes itself.
    Given how many problems people are experiencing with various updates for Windows 10, it could still be considered malware.
    Reply