Best Top Reviews Online

FBI Mapping ‘Joanap Malware’ Victims in an Effort to Disrupt North Korea’s Botnet

The United States Department of Justice (DoJ) announced on Wednesday its efforts to “map and further disrupt” a North Korean-affiliated botnet that has infected numerous Microsoft Windows computers worldwide over the past decade.

Joanap is believed to be a component of “Hidden Cobra,” a group of Advanced Persistent Threat (APT) actors also known as Lazarus Group and Guardians of Peace and supported by the North Korean government.

Hidden Cobra is the same hacking group that has been linked to the WannaCry ransomware threat in 2016, the SWIFT Banking attack in 2016, and the Sony Pictures Entertainment hack in 2014.

Joanap, a remote access tool (RAT) that dates back to 2009, infects a victim’s system with the assistance of the SMB worm Brambul, which spreads by brute-forcing Windows Server Message Block (SMB) file-sharing services using a list of common passwords.

Once there, Brambul downloads Joanap onto infected Windows computers, effectively opening a backdoor for its masterminds and granting them remote control over the infected Windows computer network.

If You Want to Beat Them, Join Them First

Peer-to-peer (P2P) communications infrastructure, making every infected computer a part of its command and control system, is utilized by the Joanap botnet.

Even though Joanap is currently being detected by numerous malware protection systems, including Windows Defender, the malware’s peer-to-peer (P2P) communications infrastructure still connects a large number of infected computers to the Internet.

In order to identify infected hosts and shut down the botnet, the FBI and the Air Force Office of Special Investigations (AFOSI) obtained legal search warrants that allowed them to join the botnet by creating and running “intentionally infected” computers mimicking its peers in order to collect both technical and “limited” identifying information in an attempt to map them, according to a press release from the Department of Justice.

U.S. Attorney Nicola T. Hannn stated, “While the Joanap botnet was identified years ago and can be defeated with antivirus software, we identified numerous unprotected computers that hosted the malware underlying the botnet.”

“The search warrants and court orders announced today as part of our efforts to eradicate this botnet are just one of the many tools we will use to prevent cybercriminals from using botnets to launch destructive computer intrusions.”
The IP addresses, port numbers, and connection timestamps collected from computers infected with the Joanap malware allowed the FBI and AFOSI to create a map of the current Joanap botnet.

The agencies are now notifying victims of the presence of Joanap on their infected computers via their Internet Service Providers (ISPs) and even sending personal notifications to individuals whose systems are not protected by a router or firewall.

The US Department of Justice and FBI will also coordinate the notification of overseas victims of the Joanap malware by sharing the relevant information with foreign governments.

After the United States unsealed charges against a North Korean computer programmer named Park Jin Hyok in September of last year for his role in masterminding the Sony Pictures and WannaCry ransomware attacks, efforts to disrupt the Joanap botnet were initiated.

Joanap and Brambul were recovered from the computers of victims of the campaigns listed in Hyok’s September indictment, indicating that he assisted in the creation of the Joanap botnet.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of