Officials at the US Department of Homeland Security (DHS) have issued another warning about North Korean malware, this time a new variant dubbed “Hoplight.”
The backdoor trojan malware is linked to the notorious Hidden Cobra group, also known as the Lazarus Group.
“This artifact is a malicious PE32 executable. When executed the malware will collect system information about the victim machine including OS version, volume information, and system time, as well as enumerate the system drives and partitions,” the alert warned.
“The malware is capable of the following functions: Read, Write, and Move Files; Enumerate System Drives; Create and Terminate Processes; Inject into Running Processes; Create, Start and Stop Services; Modify Registry Settings; Connect to a Remote Host; Upload and Download Files.”
The malware uses a public SSL certificate for secure communications from South Korean web giant Naver, and employs proxies to obfuscate its activity.
“The proxies have the ability to generate fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors,” the report claimed.
This is the latest in a long line of alerts warning of new North Korean malware, now in the double-digits.
It urges IT teams to follow best practices in cybersecurity including keeping systems and AV tools up-to-date and patched, disabling file and printer sharing, enforcing strong passwords, restricting user permissions, scanning for suspicious email attachments and more.