
NACHOCHEESE

Posted: November 11, 2019

APT38 is one of the most active and well-known hacking groups operating out of North Korea. The hackers specialize in financially-motivated attacks against targets around the entire world. Their operations differ from those of other government-linked APT (Advanced Persistent Threat) groups because the North Korean hackers do not seem to put any effort into limiting the damage that their malware causes. While other government-backed threat actors tend to implement checks that ensure their malware will only run on certain systems (depending on their configuration), the malware produced by the APT38 hackers does no such thing. In fact, it may even end up causing severe damage to computers that the group is not interested in – one of the malware families used by the APT38 group performed a physical-level format of the hard disks if it detected any sort of malware debugging tools running on the computer.

APT38's Financially Motivated Attacks Continue with the NACHOCHEESE Backdoor

One of the group's small but important threatening tools is known as NACHOCHEESE – it is a simple command-line tool that is delivered as a second-stage payload to compromised hosts. It is meant to provide the threat actors with backdoor access to the compromised system's command line, thereby enabling them to execute remote commands. One of the notable things about the NACHOCHEESE backdoor is that it contains poorly translated Russian strings and text – this was probably done in an attempt to trick malware researchers into thinking that the malware was produced by a Russia-linked hacking group. This is not the first time that the APT38 hackers have attempted a false flag operation that aims to trick researchers into thinking that the attack came from another region – in the past, they have purposefully used Russian, Chinese, and Iranian strings in their malware.

NACHOCHEESE Is One of the APT38 Malware Families Used for False Flag Attacks

The APT38 hackers employ other interesting techniques to reduce the chances that researchers will notice the presence of NACHOCHEESE on the computer – it is not uncommon for them to drop public Remote Access Trojans that are easily detected by anti-virus software. This may allow NACHOCHEESE and other private hacking tools to operate for longer, while researchers are pondering how an easily detectable Remote Access Trojan made its way onto an otherwise secure system.
