The Department of Homeland Security in partnership with FBI identified the malware potentially used by the North Korean government to hack into federal and industry targets. The agencies released the Malware Analysis Report on Wednesday providing information on the malware variant, called HOPLIGHT, which is linked to the Pyongyang-tied cyber attack HIDDEN COBRA.
“DHS and FBI are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity,” the report states.
The document includes malware descriptions, response actions and mitigation techniques to help users and systems administrators deter any malicious activities involving HOPLIGHT. DHS and FBI found nine malicious files involving the malware, seven of which were used to mask traffic between the malware and remote operators.