Threat Management, Threat Management, Threat Intelligence

U.S. agencies issue report on Hidden Cobra threat group’s HOPLIGHT malware

The U.S. Department of Homeland Security and FBI have jointly released an official Malware Analysis Report detailing several variants of HOPLIGHT, a trojan malware program used by hackers from Hidden Cobra, an APT group that's been widely linked to the North Korean government.

Upon execution, HOPLIGHT allows attackers to collect victim machine information, connect to a remote host, and manipulate various files, processes and services.

The report looks at nine separate files, seven of which are proxy applications that, according to the agencies, "generate fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors." An eighth file contains a public SSL certificate and an encoded payload, while the final file attempts outbound connections and drops four files that contain IP addresses and SSL certificates.

The report also shares a downloadable list of indicators of compromise.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.