All Categories

FBI warns of North Korean Password-Stealing Tools Brambul and Joanap

Your passwords can be the gateway to your company’s data. Hackers understand this, it’s why they deploy password-stealing tools to harvest this information.

The FBI, along with the Department of Homeland Security announced North Korean hackers are using a remote access tool called Joanap, and a Server Message Blockwork called Brambul to target companies in certain industries such as financial, media, and infrastructure. 

Meet Joanap

Joanap is a password-stealing tool that’s quite versatile. ZDNet reports it infects files which a user can receive through an email attachment or via download when they’re visiting a website that hackers have compromised.

From there, hackers can remote access the malware using a command-and-control server. This gives them the ability to do terrible things ranging from stealing your data to creating or erasing directories in node management. The FBI states it’s found compromised network nodes in many countries including China, Brazil, Iran, and Pakistan.

What is Brambul?

According to ZDNet, Brambul is a malicious Windows 32-bit SMB worm installed onto networks through dropper malware. Once infected, the malware will try to connect to systems within the local subnets. It also deploys a brute-force password attack to gain access to the SMB protocol using embedded passwords.

If successful, the malware can relay information about these compromised systems back to hackers. From there, it’s a feeding frenzy whereby hackers gain access to the passwords and usernames of each system and can use it to gather the data they want.

How Do I Stop These Password-Stealing Attacks?

The FBI recommends for companies and personal users to keep software up to date on all devices including any patches made for operating systems. Since many malware programs attack the vulnerabilities found in outdated applications and operating systems, a simple update can help keep your information safe.

It’s also important to have antivirus installed on each device. Along with quarantining harmful files, some software programs are proactive in that they warn you before you visit an unsecured website that could be compromised by hackers.

Another important consideration is to use common sense when online. As part of this, only download applications, attachments and more from known sources. If you receive an email that contains an attachment from an unknown sender or it seems random, it’s best to ignore it.

Last, but certainly not least, communication plays a crucial role in keeping your data safe. Your company should have safeguards in place where regular communications about malware threats are sent to each member along with steps to prevent it from happening. And if someone’s device becomes infected, having a reaction plan in place can help to mitigate risk.

What Happens if My Data Becomes Compromised?

Not having access to your files can be a frustrating experience. Allow the team at Salvage Data to allay your fears by helping you recapture your data in quick fashion. Our team has ample experience in extracting files from corrupted devices. Allow us to put our expertise to work for you, contact us today to learn more.

Share
Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.

Share
Published by
Bogdan Glushko

Recent Posts

Quickest Mobile Data Recovery Case: 100% of Data Recovered in One Hour

In a recent data recovery service case, the SalvageData recovery team achieved a remarkable feat…

3 months ago

How to fix a corrupted database on PS4 

A corrupted database on PS4 occurs when the system's organized data collection becomes damaged or…

3 months ago

How to Troubleshoot Black or Blank Screens in Windows

Encountering a black or blank screen on your Windows computer can be frustrating and alarming.…

3 months ago

LockBit Ransomware: A Comprehensive Guide to the Most Prolific Cyber Threat

LockBit ransomware has emerged as one of the most dangerous and prolific cyber threats in…

3 months ago

How To Use iPad Recovery Mode

Recovery mode is a crucial feature for troubleshooting and restoring an iPad when it encounters…

4 months ago

How to Prevent Overwriting Files: Best Practices

Whether you’re a professional juggling important work documents or an individual cherishing irreplaceable memories, safeguarding…

4 months ago