North Koreans spotted harassing SMBs with malware

SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year. The group, which calls itself H0lyGh0st, appears to be primarily motivated by money, Microsoft Threat Intelligence Center (MSTIC) researchers said. After the gang gets its …

  1. UCAP Silver badge

    Regarding the OrBit Linux malware, it is clear from the description that the malware needs superuser access to infect the machine. The counter is obvious; don't use the root account unless you really have to, and if you have to then be paranoid.

    1. Anonymous Coward

      Statistically speaking, what % of personal desktop Linux users have root w/out password enabled? On Debian, in "/etc/sudoers", "username ALL=(ALL) NOPASSWD: ALL".
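As an added illustration of the passwordless-root question raised above (example code, not from the commenter or from The Register), the audit below reads a sudoers file and lists every user or group entry that can run ANY command with NOPASSWD; the sudoers content is a constructed sample, and include directives are not followed.

```python
import re

# Constructed sample sudoers content, not copied from any real host.
SAMPLE_SUDOERS = """\
# /etc/sudoers
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
bob     ALL=(ALL) NOPASSWD: /usr/bin/apt update, \\
                 /usr/bin/apt upgrade
%wheel  ALL=(ALL) NOPASSWD:ALL
"""

# user_or_group  hosts = (runas) commands   (runas part is optional)
SPEC_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.*)$"
)


def _logical_lines(text):
    """Yield sudoers lines with backslash continuations joined and comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        line = (buf + line).strip()
        buf = ""
        # '#include' / '@include' directives are skipped here, not followed.
        if line and not line.startswith(("#", "@")):
            yield line


def passwordless_all(text):
    """Return (who, runas) pairs granted NOPASSWD on ALL commands."""
    hits = []
    for line in _logical_lines(text):
        # Defaults and alias definitions are not user specifications.
        if line.startswith("Defaults") or line.split()[0].endswith("_Alias"):
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        # NOPASSWD tag may be written with or without a space before ALL.
        if re.search(r"\bNOPASSWD:\s*ALL\s*$", m.group("cmds")):
            hits.append((m.group("who"), m.group("runas") or "root"))
    return hits


if __name__ == "__main__":
    for who, runas in passwordless_all(SAMPLE_SUDOERS):
        print(f"{who} can run anything as {runas} without a password")
```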

  2. elsergiovolador Silver badge

    Fix

    Why don't Microsoft pull themselves together and fix these security holes?

    Or do they have to maintain them so that 3 letter agencies can help themselves to your computer, and only fix them if a lowly paid agent sells the specs to North Koreans and other chancers?

    1. Sandtitz Silver badge

      Re: Fix

      "Why don't Microsoft pull themselves together and fix these security holes?"

      Which holes? No mention of Micros~1 holes in the article.

      1. elsergiovolador Silver badge

        Re: Fix

        I thought it would be enough to only read 640 words of the article.

        1. doublelayer Silver badge

          Re: Fix

          Well, it didn't serve you well this time. In fact, the only OS they mentioned having malware on it was Linux. And it wasn't a security hole in Linux, in case you were going to change the target. In that case as in many of the Windows malware cases, the vulnerability was in the users, administrators, and configs created by both which allow software to do things it's allowed to do but not desired by the users. Perfect security is impossible.

          1. Doctor Syntax Silver badge

            Re: Fix

            And if you follow the link to the first report in the article and read all of that you'll find the executables named there are all .exe files. There's nothing to stop a Linux executable being tagged as .exe but it's usually only done on Windows.

  3. VoiceOfTruth Silver badge

    Microsoft

    -> Microsoft Threat Intelligence Center (MSTIC)

    What a pity that MSTIC cannot detect threats emanating from its own networks. Some of the source IPs in the report here are Microsoft's: https://www.theregister.com/2022/07/15/buggy_wordpress_plugin/

  4. Martin-73 Silver badge

    SMB is a networking protocol... so turn it off (Before the downvotes, yes I know, but this is the same kind of crap that took the strippers out of SOHO)

    1. This post has been deleted by its author

    2. Doctor Syntax Silver badge

      In the context of this article SMB also means Small and Medium-sized Businesses.

      TLA overloading is a bitch.

      1. Giles C Silver badge

        An article next to this one (sponsored article about backups) refers to SME

        So now in two articles we have

        SME Small Medium Enterprise

        SMB Small Medium Business

        Or is it

        SME subject matter expert

        SMB Server Message block

        Or any one of the hundreds of infuriating TLAs we have to endure

        1. Martin-73 Silver badge

          It really did take me way too long to realize SOHO meant 'small or home office'... I had no idea what people were on about selling routers that were ideal for one small part of London....

  5. Doctor Syntax Silver badge

    "Vice has acquired code from An0m, an encrypted messaging app that was actually an FBI honeypot, and it appears to be cobbled together from open source apps."

    Did they provide the source code if demanded?

    1. FILE_ID.DIZ
      Trollface

      Would you really want to provide a communications path to one of these criminals so that you may receive their source code, aka payload?

      Or maybe you let that lesser infraction slide.

  6. Anonymous Coward

    Set your soul f(r)ee!

    H0lyGh0st is well known to be operating out of a semi-legal quasi-state located near Rome, and for centuries/millennia have demanded penance for the indulgence of those believing they have infected/corrupted souls, said belief induced by browsing certain scriptures - operated by none other than H0lyGh0st themselves.

  7. Danny 2

    The Terminal List

    It's a Prime Video series about a nefarious security corporation. Halfway through there is the line (from memory):

    "He accessed the internal server. We don't know what he downloaded but we suspect he gave it to a journalist"

    THE internal server? Only one server for a corporation? And it wasn't logged to see what was accessed, but you assume it went to a journalist for no apparent reason?

    Scripts that SEALs enjoy aren't scripts we'd enjoy. But I'll watch the rest anyway because I'd like to be a SEAL, although I'd rather be a seal.
