"Group Behind WannaCry Now Using New Malware"

The Lazarus Group, also known as Hidden Cobra, is associated with the North Korean Government and has been tied to several high-profile attacks, including WannaCry.  They are now using three new malware variants, according to CISA researchers.  The first malware variant they are using is called CopperHedge.  CopperHedge is a remote access Trojan (RAT) and has the capabilities that include executing arbitrary commands, performing system reconnaissance, and exfiltrating data.  The second malware variant they are using is called TaintedScribe.  TaintedScribe is a Trojan that uses fake Transport Layer Security protocols for session authentication as well as Linear Feedback Shift Register algorithm for encryption.  TaintedScribe can upload, download, execute, and delete files.  It can also create Windows Command Line access, create and terminate processes, and perform target system enumeration.  The third malware variant they are using is called PebbleDash.  This malware acts as a remote access tool and allows the adversary to maintain a presence on the targeted network.  

Bank Info Security reports: "Group Behind WannaCry Now Using New Malware"