US government warns of North Korean-linked malware attacks

The U.S. Computer Emergency Readiness Team issued two alerts Nov. 14, warning organizations to monitor their network systems from attacks known collectively as Hidden Cobra, which are deployed by the North Korean government.

The technical alert was issued as a joint effort between the Department of Homeland Security and the FBI. It says that since 2016, a remote administration tool — dubbed FALLCHILL — has been used by Hidden Cobra to issue commands to a victim's server that enables it to confiscate the information on all installed disks, access files and delete any evidence it accessed the server. It typically targets the aerospace, telecommunications and finance industries.

The FBI and DHS posted a list of IP addresses — the numeric designation that identifies the users' locations on the internet — it believes are linked to Hidden Cobra.

The agencies added they have "high confidence" those addresses are correlated with attacks that infected computers with Volgmer, a Trojan malware variant also linked to Hidden Cobra.

More articles on cybersecurity: 

Google, UC Berkeley researchers find 27.8% of phishing victims use Gmail
Amazon Web Services adds warning to publicly-accessible cloud servers
Vanderbilt researchers question results of recent study on hospital data breaches

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers