May 29, 2018

U.S. attributes malware to North Korea

Korean People's Army soldiers leave after paying their respects before the statues of late North Korean leaders. Photo: Ed Jones / AFP via Getty

The Homeland Security Department's Computer Emergency Readiness Team warned industry stakeholders about two types of malware Tuesday. The warning attributed the Joanap and Brambul malware to the North Korean government.

Why it matters: It is uncommon for the U.S. to make any public attribution for a cyberattack. Generally, that only happens when there is both definitive evidence for the attack and a strategic reason to name who was responsible for it. While the potential strategic aspects of the attribution may raise some eyebrows — it comes out as a former North Korean official travels to New York to meet with the administration — there may be a more mundane explanation.

Be smart: The U.S. has attributed a campaign of attacks it calls Hidden Cobra (which most others call Lazarus) to North Korea in the past. The Joanap and Brambul tools are a component of the Lazarus campaign, meaning the attribution might be more about linking this report to prior reports than embarrassing Pyongyang.

The details: Joanap and Brambul appear to have been in use since at least 2009.

  • Targets in the U.S. and beyond include the media, aerospace, financial, and critical infrastructure sectors, according to the report.
  • Joanap offers North Korea a to run a variety of commands on computers it infects, including stealing information, modifying files and directories, controlling botnets and installing more malware.
  • Brambul is a worm that travels through networks to find credentials North Korea can use in later attacks, as well as provide Lazarus with other recon on infected systems.

Go deeper

U.S. coronavirus updates

Data: The Center for Systems Science and Engineering at Johns Hopkins; Map: Andrew Witherspoon/Axios. This graphic includes "probable deaths" that New York City began reporting on April 14.

More than 62,300 U.S. health care workers have tested positive for the novel coronavirus and at least 291 have died from the virus, the Centers for Disease Control and Prevention reported on Tuesday. COVID-19 had infected about 9,300 health professionals when the CDC gave its last update on April 17.

By the numbers: More than 98,900 people have died from COVID-19 and over 1.6 million have tested positive in the U.S. Over 384,900 Americans have recovered and more than 14.9 million tests have been conducted.

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 11:00 p.m. ET: 5,589,626 — Total deaths: 350,453 — Total recoveries — 2,286,956Map.
  2. U.S.: Total confirmed cases as of 11:00 p.m. ET: 1,680,913 — Total deaths: 98,913 — Total recoveries: 384,902 — Total tested: 14,907,041Map.
  3. Federal response: DOJ investigates meatpacking industry over soaring beef pricesMike Pence's press secretary returns to work.
  4. Congress: House Republicans to sue Nancy Pelosi in effort to block proxy voting.
  5. Business: How the new workplace could leave parents behind.
  6. Tech: Twitter fact-checks Trump's tweets about mail-in voting for first timeGoogle to open offices July 6 for 10% of workers.
  7. Public health: Coronavirus antibodies could give "short-term immunity," CDC says, but more data is neededCDC releases guidance on when you can be around others after contracting the virus.
  8. What should I do? When you can be around others after contracting the coronavirus — Traveling, asthma, dishes, disinfectants and being contagiousMasks, lending books and self-isolatingExercise, laundry, what counts as soap — Pets, moving and personal healthAnswers about the virus from Axios expertsWhat to know about social distancingHow to minimize your risk.
  9. Other resources: CDC on how to avoid the virus, what to do if you get it, the right mask to wear.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

Updated 47 mins ago - Politics & Policy

World coronavirus updates

Data: The Center for Systems Science and Engineering at Johns Hopkins; Map: Axios Visuals

There are no COVID-19 patients in hospital in New Zealand, which reported just 21 active cases after days of zero new infections. A top NZ health official said Tuesday he's "confident we have broken the chain of domestic transmission."

By the numbers: Almost 5.5 million people have tested positive for the novel coronavirus as of Tuesday, and more than 2.2 million have recovered. The U.S. has reported the most cases in the world (over 1.6 million from 14.9 million tests).