June 15, 2017
DHS Alerts Warns of Hidden Cobra Cyberattacks
Fresh off the recent Crash Override malware news, we have yet another alert that should be raising some eyebrows.
The Department of Homeland Security and the FBI have issued a joint alert regarding a hacking group known as Hidden Cobra. The alert provides technical details on the tools and infrastructure used by cyber actors associated with the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally.
The DHS and FBI have identified Internet Protocol (IP) addresses associated with the malware variant known as DeltaCharlie. According to the alert, Hidden Cobra has compromised victims since 2009. The attackers commonly target systems running older, unsupported versions of Microsoft operating systems. Hidden Cobra is known to use vulnerabilities affecting various applications including Hangul Word Processor, Adobe Flash Player, and Microsoft Silverlight.
The alert recommends businesses enforce security incident response and a business continuity plan (hint, hint), and to contact DHS or your local FBI office immediately in the event of an attack. To learn more about how to protect against this threat and some mitigation strategies, read the full alert.