Hermit

Malware updated 14 hours ago (2024-10-17T13:01:13.464Z)
Hermit is a potent malware associated with the Hermit Kingdom, a term historically referencing the Joseon Dynasty of Korea but now often used to describe North Korea. The malware has been linked to ScarCruft, a notorious North Korean state-sponsored threat actor known for targeting high-value individuals and organizations in line with North Korea's geopolitical objectives. Evidence from National Security Agency hacking operations against North Korea prior to the Sony attack further incriminated the Hermit Kingdom, suggesting its involvement in cyberattacks. In addition, Unit 42 expressed "moderate confidence" that Contagious Interview was operated by a North Korean state-sponsored actor and "high confidence" that Wagemole is one of the Hermit Kingdom’s campaigns.

In response to a series of sophisticated attacks against Apple users involving malware such as Pegasus, DevilsTongue, and Hermit in July 2022, Apple developed a new security feature called lockdown mode to safeguard its users from highly targeted cyberattacks. Despite these measures, the Hermit Kingdom's cyber activities have continued unabated. Moonstone Sleet hackers, another group associated with North Korea, deployed a new custom ransomware variant named "FakePenny," demanding higher extortion rates than previous instances. Furthermore, the Pyongyang threat group has consistently used aggressive social engineering tactics to gather intelligence on external perceptions of the Hermit Kingdom.

In recent years, U.S. federal prosecutors have brought multiple criminal indictments against individuals accused of aiding North Korean cyber operations by running laptop farms within the United States. These operations allegedly helped North Korean nationals secure IT work for Fortune 500 companies, thereby assisting the Hermit Kingdom in circumventing sanctions.

It has been claimed that North Korea generates approximately half of its foreign-currency income through cyber-attacks on cryptocurrency and related targets. For instance, after its launch in October 2022, Sinbad was used to launder funds from the $100 million heist of Horizon, subsequently cleaning tens of millions in stolen crypto-cash for North Korea. The persistence and ruthlessness of North Korean state-sponsored hackers underscore the significant cyber threat posed by the Hermit Kingdom.
Description last updated: 2024-10-17T12:30:45.391Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Source Document References
Information about the Hermit Malware was read from the documents corpus below.
Source: Created
BankInfoSecurity: 15 days ago
BankInfoSecurity: 21 days ago
CERT-EU: 10 months ago
InfoSecurity-magazine: 4 months ago
BankInfoSecurity: 5 months ago
BankInfoSecurity: 5 months ago
InfoSecurity-magazine: 2 years ago
CERT-EU: 2 years ago
CERT-EU: 2 years ago
CERT-EU: a year ago
Securityaffairs: 6 months ago
BankInfoSecurity: 2 years ago
CERT-EU: 9 months ago
CERT-EU: a year ago
CERT-EU: 2 years ago
CERT-EU: a year ago
CERT-EU: 10 months ago
BankInfoSecurity: a year ago
CERT-EU: a year ago
CERT-EU: a year ago