
FBI warns of new North Korea malware attacks

You may remember four years ago, there was a malware attack on Sony Pictures. That attack led to leaks of unreleased films, publications of executive salaries and passcodes.

And last year, there was the massive ransomware attack called “WannaCry.” The WannaCry campaign claimed 200,000 victims across 150 countries, targeting private companies and public organizations, and actually endangered people's lives.

Now, the group that was behind those attacks is allegedly responsible for another high-profile attack.

The Department of Homeland Security and the Federal Bureau of Investigation are now reporting findings (again) of malware that they believe comes from communist North Korea.

Who are they?

These hackers from North Korea are not necessarily new news to the United States. The U.S. has been tracking this particular group of hackers since 2009.

They have been identified as the “Hidden Cobra,” but were also labeled as the “Guardians of the Peace” and the “Lazarus Group.”

What are the threats?

An alert was released online by the United States Computer Emergency Readiness Team warning users and administrators about the two new malware variants linked with these North Korean groups.


Joanap – a remote access tool

The first new malware infects computer systems worldwide, often without the user’s knowledge. According to the alert, the first variant is designed as a remote access tool.

Known as “Joanap,” it will allow remote access, with the attackers using a command and control server. This enables the operator to gain access to more data, spread malware and access user directories.

Joanap usually infects computers through various attack vectors – that is, when users either open an infected email attachment or click on a bad website link.

It can be set in two stages: one to enable botnets and the other for peer-to-peer communications.

The virus’ goal is to extract data from loosely secured computer systems, implement secondary payloads, interrupt directories and file, process and node management systems. It is also designed to gather IP addresses, login information and other indicators of compromise.

Although harmful to individuals, Joanap was designed to mostly target businesses. The government identified 87 different network nodes in 18 countries that have been impacted so far.

Brambul – A block worm malware

The other identified malware is a Server Message Block worm, named “Brambul,” which has been found to disrupt international communications, aerospace, financial and other critical infrastructure sectors.

Brambul is defined as a brute-force authentication worm spread through SMB shares. This particular malware uses hard-coded login passcodes in order to gain unauthorized administrative access to victim systems.

Once it has access to IP addresses and passwords, it can easily spread further via nasty email communications.
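A defender-side view of how the SMB password guessing described above shows up in logs, as an added example (not from the original article or the government alert): it scans constructed, simplified Windows Security records for bursts of failed network logons (event 4625, logon type 3) from one source and notes any later success (4624). The record layout, threshold and time window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry), simplified from Windows
# Security events: time, event ID, logon type, source IP, target host, account.
# 4625 = failed logon, 4624 = successful logon, logon type 3 = network (SMB).
SAMPLE_LOG = """\
2018-06-01T10:00:00,4625,3,10.0.0.50,FS01,Administrator
2018-06-01T10:00:02,4625,3,10.0.0.50,FS01,Administrator
2018-06-01T10:00:04,4625,3,10.0.0.50,FS01,Administrator
2018-06-01T10:00:05,4625,3,10.0.0.77,FS01,jsmith
2018-06-01T10:00:06,4625,3,10.0.0.50,FS02,Administrator
2018-06-01T10:00:08,4625,3,10.0.0.50,FS02,Administrator
2018-06-01T10:00:09,4625,2,-,WS07,kiosk
2018-06-01T10:00:10,4625,3,10.0.0.50,FS02,Administrator
2018-06-01T10:00:12,4624,3,10.0.0.50,FS02,Administrator
2018-06-01T10:00:20,4624,3,10.0.0.77,FS01,jsmith
"""

def parse(text):
    """Yield (time, event_id, logon_type, source, host, account) tuples."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, src, host, account = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), src, host, account

def detect_smb_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed network logons inside the window."""
    recent = defaultdict(deque)  # source -> (time, host) of recent failures
    alerts = {}
    for ts, event_id, logon_type, src, host, account in sorted(parse(text)):
        if logon_type != 3:  # only network logons, which is how SMB shares authenticate
            continue
        if event_id == 4625:
            failures = recent[src]
            failures.append((ts, host))
            while ts - failures[0][0] > window:  # drop failures older than the window
                failures.popleft()
            if len(failures) >= threshold:
                alert = alerts.setdefault(
                    src, {"failures": 0, "hosts": set(), "success_after": []})
                alert["failures"] = max(alert["failures"], len(failures))
                alert["hosts"].update(h for _, h in failures)
        elif event_id == 4624 and src in alerts:
            # A success after a flagged burst may mean a guessed password worked.
            alerts[src]["success_after"].append((host, account))
    return alerts

if __name__ == "__main__":
    for source, detail in detect_smb_bruteforce(SAMPLE_LOG).items():
        print(source, detail)
```

A source that fails a couple of times and then logs in, like the constructed `10.0.0.77` records, stays below the threshold and is not flagged.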

How do you protect yourself?

With the ever-growing threat of new strains of state-sponsored malware, you need to take precautionary steps. Here are mitigation tips that will help:

  • Keep your software and operating systems updated with the latest fixes and patches.
  • Never open risky links in emails – don’t open attachments from unsolicited emails; they could be part of a phishing scam. Malware can infect your gadget through malicious links found in phishing emails.
  • Have strong security software – this will help prevent the installation of ransomware on your gadget.
  • Back up data regularly – this is the best way to recover your critical data if your computer is infected with ransomware.

For these types of malware, your best bet for protection is to have backups of your files.


Joanap and Brambul are just a few examples of the scariest cyber threats that are making the rounds right now. There are other potent forms of malware out there that you need to know about.
