The FBI and Homeland Security released a technical alert with details about two strains of malware that North Korean government-linked hackers are using to remotely penetrate systems and to steal passwords and other sensitive data.

The two families of malware being used as tools for Hidden Cobra, the U.S. government’s code name for malicious cyber operations by the North Korean government, are the remote access tool (RAT) Joanap and the Server Message Block (SMB) worm Brambul. And, yes, you likely have heard of those before, since the U.S. government claims Hidden Cobra actors have been using the malware since at least 2009.

The alert also cites a report that blamed Hidden Cobra actors for the 2014 cyber attack on Sony Pictures Entertainment. The same North Korean group was blamed for the devastating WannaCry malware attack that spread across the globe one year ago.

US-CERT’s technical advisory reads:

According to reporting of trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical infrastructure sectors.

Joanap RAT

The two-stage malware Joanap is a fully functional RAT that allows Hidden Cobra hackers to remotely issue commands “to exfiltrate data, drop and run secondary payloads, and initialize proxy communications on a compromised Windows device.” Other Joanap functions noted in the advisory include “file management, process management, creation and deletion of directories, and node management.”

Joanap can infect a system as a file dropped by other malware, which victims unknowingly download from compromised sites or when they open malicious email attachments. The U.S. government identified 87 compromised network nodes.
Countries with infected IP addresses include Argentina, Belgium, Brazil, Cambodia, China, Colombia, Egypt, India, Iran, Jordan, Pakistan, Saudi Arabia, Spain, Sri Lanka, Sweden, Taiwan, and Tunisia.

Brambul SMB worm

The brute-force authentication worm Brambul spreads through SMB shares. It allows North Korean government-backed attackers to harvest system information, accept command-line arguments, generate and execute a suicide script, propagate across the network using SMB, brute force SMB login credentials, and generate Simple Mail Transfer Protocol email messages containing target host system information.

Brambul malware is a “dynamic link library file or a portable executable file often dropped and installed onto victims’ networks by dropper malware” and is generally spread “by using a list of hard-coded login credentials to launch a brute-force password attack against an SMB protocol for access to a victim’s networks.” According to the advisory, Brambul malware “targets insecure or unsecured user accounts and spreads through poorly secured network shares.”

Detecting and mitigating the threats

The FBI has “high confidence” that Hidden Cobra is using the list of IP addresses included in the alert’s indicators of compromise (IOC) files. “DHS and FBI are distributing these IP addresses and other IOCs to enable network defense and reduce exposure to any North Korean government malicious cyber activity,” it said.

Admins and users are encouraged to review the Joanap and Brambul information released by the U.S. government to check for infection, as well as review the recommended mitigation strategies.

U.S. blames North Korea even as talks about U.S.-North Korean summit ramp up

Although this is far from the first warning the U.S. government has issued about Hidden Cobra, it comes as discussions increase about a possible summit between President Trump and North Korean leader Kim Jong Un.

ABC News added:

In preparation for the summit, Kim Yong Chol, a former four-star army general and military intelligence chief, is set to meet in New York with Secretary of State Mike Pompeo — a rare visit to the U.S. by a high-level North Korean official. Kim Yong Chol is suspected to have been behind a 2014 hack of Sony Pictures Entertainment over the movie "The Interview," a satire about a plot to assassinate the North Korean leader.

Pyongyang declined to comment on the newest alert released by the U.S. government, but it usually denies being involved in cyber attacks. Even if North Korea does issue another denial, a DHS official told Reuters, “The United States takes attribution seriously and does not make this conclusion lightly.”

Just last week, the FBI, DHS and DoJ advised rebooting your router to clear it from advanced stages of the Russian-linked malware VPNFilter.
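
The Brambul behaviour described above (brute-forcing SMB logins from a hard-coded credential list and propagating across the network) appears in Windows Security logs as a burst of failed network logons from one source against several hosts. The sketch below is an added example, not code from the advisory or from this article; the event tuples, thresholds and the function name detect_smb_spray are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, modelled on Windows Security log fields:
# (time, event_id, logon_type, source_ip, target_host, account)
# 4625 = failed logon, 4624 = successful logon, logon type 3 = network (SMB).
EVENTS = [
    ("2018-05-30T02:00:01", 4625, 3, "192.0.2.10", "FS01", "administrator"),
    ("2018-05-30T02:00:02", 4625, 3, "192.0.2.10", "FS01", "admin"),
    ("2018-05-30T02:00:04", 4625, 3, "192.0.2.10", "FS02", "administrator"),
    ("2018-05-30T02:00:05", 4625, 3, "192.0.2.10", "FS02", "guest"),
    ("2018-05-30T02:00:07", 4625, 3, "192.0.2.10", "HR-PC7", "administrator"),
    ("2018-05-30T02:00:08", 4625, 3, "192.0.2.10", "HR-PC7", "admin"),
    ("2018-05-30T02:00:09", 4624, 3, "192.0.2.10", "FS02", "admin"),
    ("2018-05-30T09:15:00", 4625, 3, "198.51.100.7", "FS01", "jsmith"),
    ("2018-05-30T09:15:20", 4624, 3, "198.51.100.7", "FS01", "jsmith"),
]

def detect_smb_spray(events, window=timedelta(minutes=5), min_hosts=3, min_failures=6):
    """Flag sources whose failed network logons fan out across several hosts."""
    by_src = defaultdict(list)
    for ts, eid, ltype, src, host, acct in events:
        if ltype == 3 and eid in (4624, 4625):
            by_src[src].append((datetime.fromisoformat(ts), eid, host, acct))
    alerts = {}
    for src, rows in by_src.items():
        rows.sort()
        fails = [r for r in rows if r[1] == 4625]
        start = 0
        for end in range(len(fails)):
            # Slide the start forward so the burst never spans more than `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            burst = fails[start:end + 1]
            hosts = {r[2] for r in burst}
            if len(burst) < min_failures or len(hosts) < min_hosts:
                continue
            if src in alerts and alerts[src]["failures"] >= len(burst):
                continue  # keep the largest burst seen for this source
            # A success on a sprayed host after the burst began suggests a guessed password.
            breached = {r[2] for r in rows
                        if r[1] == 4624 and r[2] in hosts and r[0] >= burst[0][0]}
            alerts[src] = {"hosts": hosts, "failures": len(burst), "breached": breached}
    return alerts

if __name__ == "__main__":
    for src, hit in detect_smb_spray(EVENTS).items():
        print(src, sorted(hit["hosts"]), hit["failures"], sorted(hit["breached"]))
```

The thresholds are starting points to tune against a network's normal failed-logon volume; a user mistyping a password on one host, as in the second source in the sample, stays below them.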