
FBI warns of North Korean Password-Stealing Tools Brambul and Joanap

Your passwords can be the gateway to your company’s data. Hackers understand this, which is why they deploy password-stealing tools to harvest this information.

The FBI, along with the Department of Homeland Security, announced that North Korean hackers are using a remote access tool called Joanap and a Server Message Block (SMB) worm called Brambul to target companies in certain industries such as financial, media, and infrastructure.

Meet Joanap

Joanap is a password-stealing tool that’s quite versatile. ZDNet reports it infects files which a user can receive through an email attachment or via download when they’re visiting a website that hackers have compromised.

From there, hackers can remotely access the malware through a command-and-control server. This gives them the ability to do terrible things ranging from stealing your data to creating or erasing directories in node management. The FBI states it’s found compromised network nodes in many countries including China, Brazil, Iran, and Pakistan.

What is Brambul?

According to ZDNet, Brambul is a malicious Windows 32-bit SMB worm installed onto networks through dropper malware. Once a system is infected, the malware tries to connect to other systems within the local subnets. It also deploys a brute-force password attack, using embedded passwords, to gain access over the SMB protocol.

If successful, the malware can relay information about these compromised systems back to hackers. From there, it’s a feeding frenzy whereby hackers gain access to the passwords and usernames of each system and can use them to gather the data they want.
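The behavior described above (one infected machine trying passwords against its neighbours on the local subnet) leaves a recognisable trail of failed network logons. The following is an added example, not code from the FBI alert or from ZDNet: it flags any source address that fails Windows network logons (Security Event ID 4625, logon type 3, which includes SMB) against several distinct hosts in a short window. The CSV layout, the thresholds and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed thresholds; tune them to your network
MIN_TARGETS = 4                # distinct hosts hit by one source inside WINDOW
MIN_FAILURES = 8               # total failed logons inside WINDOW

def constructed_sample():
    """Build made-up CSV rows: time,event_id,logon_type,source_ip,target_host."""
    rows = ["time,event_id,logon_type,source_ip,target_host"]
    start = datetime(2018, 6, 1, 10, 0, 0)
    # One workstation failing against five neighbours, two tries each (worm-like).
    for i in range(10):
        t = start + timedelta(seconds=6 * i)
        rows.append(f"{t.isoformat()},4625,3,10.0.5.23,10.0.5.{40 + i % 5}")
    # A user mistyping a password on one file server (benign).
    for i in range(3):
        t = start + timedelta(minutes=i)
        rows.append(f"{t.isoformat()},4625,3,10.0.5.77,10.0.5.10")
    # An interactive (type 2) failure and a successful logon (4624): both ignored.
    rows.append(f"{start.isoformat()},4625,2,10.0.5.88,10.0.5.88")
    rows.append(f"{start.isoformat()},4624,3,10.0.5.23,10.0.5.10")
    return "\n".join(rows)

def find_logon_sweeps(csv_text):
    """Return {source_ip: (distinct_targets, failures)} for sources over threshold."""
    by_source = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] == "4625" and row["logon_type"] == "3":
            by_source[row["source_ip"]].append(
                (datetime.fromisoformat(row["time"]), row["target_host"]))
    flagged = {}
    for src, events in by_source.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):
            # Advance the window start until the span is at most WINDOW long.
            while events[hi][0] - events[lo][0] > WINDOW:
                lo += 1
            window = events[lo:hi + 1]
            targets = {host for _, host in window}
            if len(targets) >= MIN_TARGETS and len(window) >= MIN_FAILURES:
                flagged[src] = (len(targets), len(window))
    return flagged

if __name__ == "__main__":
    print(find_logon_sweeps(constructed_sample()))
```

Requiring several distinct targets is what separates a sweep across the subnet from a single user repeatedly mistyping a password on one server.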

How Do I Stop These Password-Stealing Attacks?

The FBI recommends that companies and personal users keep software up to date on all devices, including any patches made for operating systems. Since many malware programs attack the vulnerabilities found in outdated applications and operating systems, a simple update can help keep your information safe.

It’s also important to have antivirus installed on each device. Along with quarantining harmful files, some software programs are proactive in that they warn you before you visit an unsecured website that could be compromised by hackers.

Another important consideration is to use common sense when online. As part of this, only download applications, attachments and more from known sources. If you receive an email that contains an attachment from an unknown sender or it seems random, it’s best to ignore it.

Last, but certainly not least, communication plays a crucial role in keeping your data safe. Your company should have safeguards in place where regular communications about malware threats are sent to each member along with steps to prevent it from happening. And if someone’s device becomes infected, having a reaction plan in place can help to mitigate risk.

What Happens if My Data Becomes Compromised?

Not having access to your files can be a frustrating experience. Allow the team at Salvage Data to allay your fears by helping you recapture your data in quick fashion. Our team has ample experience in extracting files from corrupted devices. Allow us to put our expertise to work for you. Contact us today to learn more.

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.
