Computer News & Safety – Harry Waldron

June 1st, 2018:

Security – US CERT issues alert for Hidden Cobra cyberattacks

The Hidden Cobra threat uses Joanap and Brambul as key attack tools within the command and control server framework as described below:

Alert (TA18-149A) HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government:

(1) Remote access tool (RAT), commonly known as Joanap
(2) Server Message Block (SMB) worm, commonly known as Brambul

According to reporting of trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical infrastructure sectors. Users and administrators should review the information related to Joanap and Brambul from the Operation Blockbuster Destructive Malware Report.

Joanap malware is a fully functional RAT that is able to receive multiple commands, which can be issued by HIDDEN COBRA actors remotely from a command and control server. Joanap typically infects a system as a file dropped by other HIDDEN COBRA malware, which users unknowingly download either when they visit sites compromised by HIDDEN COBRA actors, or when they open malicious email attachments. Malware often infects servers and systems without the knowledge of system users and owners.

Brambul malware is a malicious Windows 32-bit SMB worm that functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims’ networks by dropper malware. When executed, the malware attempts to establish contact with victim systems and IP addresses on victims’ local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks. Analysts suspect the malware targets insecure or unsecured user accounts and spreads through poorly secured network shares.
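The propagation pattern described above (one host contacting many local-subnet addresses and random outside addresses on ports 139 and 445) can be looked for in network flow data. The sketch below is an added example, not part of the alert or the original post; the flow-record layout, the internal address ranges, the threshold, and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}  # ports named in the alert

# Assumption: site-internal ranges; adjust to the network being monitored.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records (src, dst, dst_port); not taken from the alert.
SAMPLE_FLOWS = (
    # one workstation sweeping its local subnet on SMB
    [("10.0.5.23", f"10.0.5.{h}", 445) for h in range(40, 52)]
    # the same workstation reaching outside addresses on SMB
    + [("10.0.5.23", "203.0.113.77", 445), ("10.0.5.23", "198.51.100.9", 139)]
    # ordinary file-server use by another host
    + [("10.0.5.8", "10.0.5.2", 445), ("10.0.5.8", "10.0.5.3", 445)]
    # non-SMB traffic, ignored
    + [("10.0.5.23", "10.0.5.40", 443), ("10.0.5.9", "192.0.2.10", 443)]
)


def smb_fanout(flows, min_targets=10):
    """Flag sources that contact many distinct internal hosts on SMB,
    or any host outside the internal ranges on SMB."""
    internal, external = defaultdict(set), defaultdict(set)
    for src, dst, port in flows:
        if port not in SMB_PORTS:
            continue
        addr = ipaddress.ip_address(dst)
        is_internal = any(addr in net for net in INTERNAL_NETS)
        (internal if is_internal else external)[src].add(dst)

    findings = {}
    for src in set(internal) | set(external):
        n_int, n_ext = len(internal[src]), len(external[src])
        if n_int >= min_targets or n_ext > 0:
            findings[src] = {"internal_targets": n_int,
                             "external_targets": n_ext}
    return findings


if __name__ == "__main__":
    for host, counts in smb_fanout(SAMPLE_FLOWS).items():
        print(host, counts)
```

Distinct-destination counts are used rather than raw connection counts so that a host repeatedly talking to one file server is not flagged.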

Microsoft Skype – Upgrade for landline or mobile phone calls

Microsoft Skype offers free internet calling to other Skype users. However, a paid subscription plan must be established for landline or mobile phone calls. The following step-by-step guide shows how to set up a paid subscription account for these capabilities.

Do you use the free version of Skype for internet calls and video chats? And are you bumping into brick walls when you try to call a mobile phone or landline or another country? It may be time to upgrade your account.

The free flavor of Skype does restrict you to calling other Skype users. But a paid subscription lets you call mobile phones and landlines and certain other countries. Alternatively, you can keep your free account and just purchase Skype credit when you need to call someone’s phone or a person in another country.

Let’s first check out the option of buying Skype credit. By purchasing Skype credits, you can make Skype calls to people who aren’t on Skype via their mobile phones or landlines. It’s a handy option if you don’t expect to make too many calls to non-Skype users, and would like to have a “pay as you go” option. You can also make international calls to certain countries, which you can’t do through a free Skype account.

Alternatively, you can get an unlimited plan to call landlines and cell phones in certain regions like the US ($2.99 per month), North America ($6.99 per month), Europe (plans vary), and the World ($13.99 per month to call landlines in 63 countries, and mobile phones in eight).