DHS warns of North Korea-linked malware

“The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA,” the U.S. Computer Emergency Readiness Team said in a statement.

DHS would not
confirm when the incident occurred, but would not rule out that it
happen
ed in the eight weeks since the Trump-Kim summit in Singapore, a DHS official wrote the Washington Examiner in an email Thursday evening.

DHS said North Korea was cited in four alerts and eight malware analysis reports of malicious cyberactivity since June 2017
.

A similar incident involving Trojan malware variants, which North Korea has used to disable computers and servers, was reported by US-CERT in the days after the Trump-Kim meeting. In that instance, DHS also did not specify when the cyberattack took place.

“As new information becomes available, the NCCIC shares actionable information gleaned from ongoing network defense efforts, cybercrime investigations, and national security efforts that support our nation’s cyber capabilities and the ability of our critical infrastructure partners to put in place appropriate mitigation strategies,” the DHS official said in a statement Thursday, referring to the National Cybersecurity and Communications Integration Center.

In 2017, hundreds of thousands of computers in more than 150 countries were infected with the WannaCry ransomware virus. The U.S. identified North Korea as the culprit behind the attack, which hurt healthcare and telecommunications industries.