Department of Justice prepares to take down Joanap botnet

The US Department of Justice announced efforts to disrupt the Joanap botnet, known to be controlled by a hacker group with ties to the North Korean government. A court order and a search warrant obtained in October 2018 allowed the FBI and the US Air Force Office of Special Investigations (AFOSI) to gather information about the network of infected devices and start disrupting the Joanap botnet.


The malware has been known for years and is detected by most anti-virus software, but it can still be found on many unprotected computers. It affects computers running Windows and infects them via the automated Brambul worm, which is why it is considered “second stage” malware. When a system is infected with Joanap, its operators can access the system remotely, gain root access, and install additional malware. The infected computer becomes part of the botnet.

Interestingly enough, instead of a centralized mechanism to communicate with and control infected computers, the Joanap botnet uses a decentralized peer-to-peer communication system. This allowed the FBI and AFOSI to operate computers that mimicked infected peers in the botnet. Those computers were able to collect identifying and technical information about other computers that are part of the botnet. Using this information, authorities were able to build a map of infected computers.

“By pretending to be infected peers, the computers operated by the FBI and AFOSI under the authority of the search warrant and order collected limited identifying and technical information about other peers infected with Joanap (i.e., IP addresses, port numbers, and connection timestamps). This allowed the FBI and AFOSI to build a map of the current Joanap botnet of infected computers,” the Department of Justice press release states.

The government is now notifying affected US residents about the Joanap malware on their computers via their ISPs (Internet Service Providers), and is sending out personal notifications to victims whose computers are not behind a router or a firewall. Furthermore, victims in other countries will also be notified via their governments.

Despite the severity of the malware, it is not difficult to protect oneself from it. Both paid and free anti-virus programs, including Microsoft Defender, detect and remove Joanap malware. It is recommended to always have up-to-date anti-virus software running on the computer in order to prevent possible infections.
