Posted on November 16, 2017 at 6:52 AM
The US DHS issued a warning that several cyber attacks have been linked to North Korean IP addresses.
US-CERT, the cybersecurity branch of the US Department of Homeland Security (DHS) that monitors and responds to security threats, has published two joint technical alerts with the Federal Bureau of Investigation (FBI) describing ongoing cyber attacks attributed to the North Korean government, which the US government tracks under the name Hidden Cobra.
According to the joint warning, Hidden Cobra has been using a particular remote administration tool (RAT) known as FALLCHILL. The campaign is thought to have been active since 2016 and has targeted the aerospace, telecommunications and finance industries.
FALLCHILL lets the operators send commands to an infected host, routing the traffic through a chain of proxy servers so that the true command-and-control location is hidden. Once installed, the RAT can collect information about the system (such as operating system and processor details, the host name and its IP and MAC addresses), enumerate stored files, and read, write, move, execute and delete files, as well as start and terminate processes. In practice this gives the attackers full remote access to the compromised machine rather than merely a view of it.
Both alerts include lists of IP addresses that the FBI assesses with high confidence are being used by Hidden Cobra actors, so that network defenders can check their own traffic against them. The second alert covers Volgmer, a backdoor Trojan that has been active since 2013. Volgmer is not the same tool as FALLCHILL, and Hidden Cobra is not a variant of either: Hidden Cobra is the actor, and FALLCHILL and Volgmer are two malware families attributed to it. Volgmer's targeting differs from FALLCHILL's, having been directed at government agencies and the media, automotive and financial industries.
Like FALLCHILL, Volgmer gives the attackers covert access to a system as soon as it has infiltrated it. In addition to gathering system information, Volgmer can download and upload files, execute commands, terminate processes and list directories, among other capabilities.
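The practical value of the indicator lists in both alerts is that defenders can sweep their firewall or proxy logs for outbound connections to the listed addresses. The script below is an added illustration of that sweep and is not code from US-CERT, the FBI or the alerts themselves. The indicator entries and log lines are constructed placeholders drawn from the RFC 5737 documentation ranges (not the addresses the alerts published), the log format is hypothetical, and the functions `load_indicators`, `parse_line` and `match_indicators` are this example's own names; in use, the indicator text would be replaced with the alert's indicator file and the regular expression adjusted to the local log format.

```python
"""Sweep outbound-connection logs for hits against a list of indicator IPs.

Added example for this article; not code from the US-CERT/FBI alerts.
Indicators and log lines below are constructed (RFC 5737 documentation
ranges), not the addresses the alerts published.
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed indicator list in the shape defenders normally receive:
# one IP or CIDR per line, '#' starts a comment.
INDICATOR_TEXT = """
# hypothetical indicators, NOT taken from the alert
192.0.2.44
198.51.100.0/24
203.0.113.7
"""

# Constructed log lines in a hypothetical firewall/proxy format:
# <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <action>
SAMPLE_LOG = """
2017-11-15T09:12:01Z 10.1.4.22:51234 -> 192.0.2.44:443 ALLOW
2017-11-15T09:12:03Z 10.1.4.22:51235 -> 93.184.216.34:443 ALLOW
2017-11-15T09:13:40Z 10.1.7.9:49811 -> 198.51.100.17:8080 ALLOW
2017-11-15T09:14:02Z 10.1.7.9:49812 -> 203.0.113.7:443 DENY
malformed line that must be skipped rather than abort the sweep
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>\w+)$"
)


def load_indicators(text: str) -> List[ipaddress.IPv4Network]:
    """Parse indicator text into network objects; a bare IP becomes a /32."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        # strict=False tolerates a CIDR entry with host bits set (e.g. 10.0.0.5/24)
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    return rec


def match_indicators(log_text: str, indicators: List[ipaddress.IPv4Network]
                     ) -> List[Tuple[str, str, str, str, str]]:
    """Return (timestamp, src, dst, matched_indicator, action) for each line whose
    destination falls inside an indicator network.

    Denied connections are reported as well: a blocked attempt still tells you
    which internal host is trying to reach the attackers' infrastructure.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for net in indicators:
            if rec["dst"] in net:
                hits.append((rec["ts"], rec["src"], str(rec["dst"]),
                             str(net), rec["action"]))
                break
    return hits


def infected_hosts(hits: List[Tuple[str, str, str, str, str]]) -> List[str]:
    """Distinct internal source addresses that contacted an indicator."""
    return sorted({h[1] for h in hits})


if __name__ == "__main__":
    found = match_indicators(SAMPLE_LOG, load_indicators(INDICATOR_TEXT))
    for hit in found:
        print("%s %s -> %s matched %s (%s)" % hit)
    print("hosts to triage:", infected_hosts(found))
```

Two caveats apply when running this against real data. Indicator lists from alerts of this kind age quickly, as the proxy servers are frequently abandoned or were compromised third-party hosts, so a hit should start an investigation of the source host rather than be treated as proof of infection on its own. Conversely, the absence of hits proves little, since FALLCHILL traffic is relayed through proxies and a host may be talking to an address that is not on the list.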
The new warnings come five months after a June 2017 US-CERT alert that described Hidden Cobra activity going back to 2009 and linked the group to the high-profile 2014 hack of Sony Pictures.