November 15, 2017

US Govt Issues Alert Over North Korean Cyber Attacks

The Department of Homeland Security has issued a warning about cyber attacks originating in North Korea and perpetrated by the North Korean government, referred to as “Hidden Cobra.”

A technical alert posted by US-CERT (United States Computer Emergency Readiness Team), the DHS department responsible for being proactively aware of cybersecurity threats facing the country, has revealed that a remote administration tool (RAT) from North Korea has been deployed by Hidden Cobra since 2016 to target a number of industries including finance, telecom and aerospace.

The RAT, called FALLCHILL, enables the Hidden Cobra group to use dual proxies to issue commands to a victim’s server. In essence, this allows the group to get away with clandestine actions like accessing files, retrieving information about all installed disks on a server, modifying file or directory timestamps and even deleting evidence on the server altogether. 

The US-CERT alert was issued jointly following investigative efforts by both the DHS and the FBI, working in tandem with other US government partners.

An excerpt from the alert reads:

Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

The FALLCHILL malware has been active since 2016, the US government alert further revealed, adding that it had identified 83 network nodes that collectively made up the malware’s infrastructure.

Both the FBI and the DHS have also posted a list of IP addresses associated with Hidden Cobra. The FBI asserts, with “high confidence”, that those IP addresses are directly linked to attacks targeting computer systems using a Trojan malware called Volgmer. With it, Hidden Cobra has reportedly targeted government, auto, financial and media industries.

The new warning comes within 6 months of a previous technical alert implicating Hidden Cobra in a series of cyberattacks dating back to 2009, as well as the 2014 Sony Pictures hack.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
