UPDATED 21:48 EDT / JUNE 14 2017


Feds warn that North Korea is targeting businesses in new hacking campaign

The U.S. Computer Emergency Readiness Team issued an alert Tuesday warning that the North Korean government is targeting businesses with malware and botnet-related attacks as part of a concerted new hacking campaign.

Dubbed “Hidden Cobra,” the campaign is targeting media, aerospace, financial and critical infrastructure sectors in the U.S. and around the world using a mixture of tools, according to the alert. The tools include distributed-denial-of-service botnets, keyloggers for capturing keystrokes, remote access tools and wiper malware that destroys data. The campaign tends to target machines running old, unsupported versions of Microsoft Windows and also targets known flaws in Microsoft Silverlight and Adobe Flash Player to gain access.

CERT said that, in conjunction with the Federal Bureau of Investigation and the Department of Homeland Security, it has managed to match the IP address being used by Hidden Cobra to one previously used by another campaign called DeltaCharlie, a known North Korean DDoS botnet.

“If users or administrators detect the custom tools indicative of Hidden Cobra, these tools should be immediately flagged, reported to the DHS National Cybersecurity Communications and Integration Center or the FBI Cyber Watch and given highest priority for enhanced mitigation,” CERT said in its warning.

The organization also provided a list of the IP addresses being used by the attack to “enable network defense activities and reduce exposure to the DDoS command-and-control network.” It recommended that network administrators review the IP addresses, file hashes, network signatures and YARA rules provided with a view to adding them to their watch list to determine if malicious activity has occurred on their network.

Hidden Cobra is far from the first hacking campaign to be attributed to North Korea. The rogue East Asian country previously was fingered for attacks on the SWIFT banking network along with the highly publicized hack of Sony Pictures in 2015.

Photo: 72334647@N03/Flickr
