North Korean Malicious Cyber Activity

On February 17, 2021, CISA, the Federal Bureau of Investigation (FBI), and the Department of the Treasury identified malware and other indicators of compromise used by the North Korean government to facilitate the theft of cryptocurrency—referred to by the U.S. Government as "AppleJeus."

The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. Users or administrators should flag associated activity, report the activity to CISA or FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

See the listing below for previous Alerts and Malware Analysis Reports (MARs) on North Korea’s malicious cyber activities.