By SecureWorld News Team
Wed | Nov 15, 2017 | 10:22 AM PST

North Korea's army of hackers is at it again.

This time, they're using a spearphishing campaign to deliver a backdoor trojan known as Volgmer.

According to a new joint Technical Alert (TA) issued by the FBI and the Department of Homeland Security, Volgmer has several capabilities:

  • gathering system information,
  • updating service registry keys,
  • downloading and uploading files,
  • executing commands,
  • terminating processes,
  • listing directories.

The technical advisory lists indicators of compromise to look for and notes that although North Korean cyber actors (dubbed HIDDEN COBRA) spread Volgmer primarily through spearphishing, it's possible other tools are also used to compromise networks.

The Department of Homeland Security and the FBI also issued an alert about FALLCHILL malware, which is another North Korean-backed effort.
