North Korea and Iran Use CodeProject to Develop Their Malware
Software developers and malware authors share a desire to work smart, not hard
In the software development world, engineers frequently use ready-made code for various tasks, whether it involves copying a snippet from Stack Overflow, taking a library from GitHub, or reusing a company’s own rich, legacy code base. On the darker side of things, malware authors reusing code is a phenomenon that we see time and time again. While it makes a lot of sense to avoid reinventing the wheel, even nation-sponsored hackers search for code on Google. (This is often a surprising fact to many people in the cyber security community.)
In this blog post, we’ll present an intriguing case of malware reusing publicly available code, in which threat actors, possibly North Korean and Iranian APT groups, both used the same code from an example on CodeProject in crafting their malware.
As previously mentioned, malicious code reuse across different variants …