FBI Mapping ‘Joanap Malware’ Victims: North Korean Botnet to Get Disrupted


The United States Department of Justice (DoJ) has announced its complete effort to map and disrupt a botnet tied to North Korea that has been proven to infect numerous Microsoft Windows computers around the world over the last ten years. Dubbed Joanap, the malware is believed to be part of “Hidden Cobra”, an Advanced Persistent Threat (APT) group often known as the Lazarus Group and the Guardians of Peace, which is backed by the North Korean government.

Hidden Cobra has been found to be the same group associated with the WannaCry ransomware menace that took place in 2016, the SWIFT Banking Attack of 2016 and the Sony Motion Pictures Hack of 2014. In 2009, the Joanap botnet worked as a remote access trojan (RAT) that landed on the victim’s system with the help of an SMB worm named Brambul, which crawls from one system to another by brute-forcing Windows Server Message Block (SMB) file-sharing services with a list of common sharing passwords. Once it has placed itself on a system, Brambul downloads the Joanap malware onto the compromised Windows computer.

One of the most interesting things about the Joanap botnet is that the systems it compromises do not take commands from a centralized command and control server. Instead, the botnet relies on a peer-to-peer (P2P) communications infrastructure that makes every infected computer part of its command and control system. Although Joanap is now detected by several malware protection systems, including Windows Defender, the botnet’s P2P communications still leave a large number of infected computers connected to the internet, which remains a serious threat.

