Announcements

On September 14, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) issued an advisory about Chinese Ministry of State Security (MSS)-affiliated cyber threat actors targeting U.S. government agencies. For more information, visit https://us-cert.cisa.gov/china.

On September 1, 2020, the Cybersecurity and Infrastructure Security Agency (CISA)—in collaboration with the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom—released a joint advisory on technical approaches to uncovering and remediating malicious activity. For more information, visit https://us-cert.cisa.gov/ncas/alerts/aa20-245a. 

On August 26, 2020, the Cybersecurity Security and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation, and U.S. Cyber Command identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to the group behind this activity as BeagleBoyz, a subset of HIDDEN COBRA.

On August 19, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released one new Malware Analysis Report (MAR) on malware used by North Korean actors. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://www.us-cert.gov/NorthKorea.

On August 3, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD), released a new Malware Analysis Report (MAR) on malware used by the Chinese government. For more information, visit https://us-cert.cisa.gov/china.

On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD), released three new Malware Analysis Reports (MARs) on malware used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://www.us-cert.gov/NorthKorea.

On April 15, 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released joint guidance on North Korea’s malicious cyber activities, including recommended steps to mitigate the threat.

On February 14, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD), released six new Malware Analysis Reports (MARs) and an updated MAR on malware used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://www.us-cert.gov/northkorea.

On October 31, 2019, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://www.us-cert.gov/HiddenCobra. 

On September 9, 2019, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) identified two malware variants—referred to as ELECTRICFISH and BADCALL—used by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://www.us-cert.gov/HiddenCobra.