North Korean Cyber Attacks Continue

Uploaded on 2017-08-25 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

The US Department of Homeland Security and FBI issued a new warning this week that North Korean government hackers are continuing to target critical US infrastructure for cyber attacks.

A technical report by DHS' National Cyber Awareness System reveals details of the tools and cyber methods being used by North Korean government hackers.

The alert said the North Korean government is using the cyber tools to "target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally."

The warning comes amid heightened tensions between the United States and North Korea. Pyongyang recently threatened to fire missiles at Guam prompting counter threats from the Trump administration. The notice lists Internet Protocol addresses linked to a malware called DeltaCharlie that is "used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure."

A botnet is a network of a large number of hijacked computers and networks that are used to conduct cyber-attacks designed to shut down networks by flooding them with digital requests.
"The US government refers to the malicious cyber activity by the North Korean government as Hidden Cobra," the notice said.
The technical details were published to assist computer administrators in identifying North Korea Botnet cyber strikes.
"FBI has high confidence that Hidden Cobra actors are using the IP addresses for further network exploitation," the notice said.

The government warning followed a report by the California-based security firm Palo Alto Networks earlier this month indicating that North Korean hackers were targeting US defense contractors.

The hackers sent out emails containing weaponised Microsoft Office documents, including one that used a fraudulent job offering for a position as a manager of the Terminal High Altitude Area Defense, or THAAD, the U.S. anti-missile system recently deployed to South Korea.
"The techniques and tactics the group uses have changed little in recent attacks," Palo Alto Networks stated in a report. "Tool and infrastructure overlaps with previous campaigns are apparent. Given that the threat actors have continued operations despite their discovery and public exposure it is likely they will continue to operate and launch targeted campaigns."
The North Korean Botnet has been operating since 2009 and have compromised "a range of victims" that were not specified by the notice. The latest DHS report provided additional details on the cyber threat from a report first published in June.
"Some intrusions have resulted in the exfiltration of data while others have been disruptive in nature," the notice said, noting that security experts have identified two entities used as cover names by the North Koreans. They are the Lazarus Group and the Guardians of Peace.

The Guardians of Peace was the code name used by North Korean hackers who attacked Sony Pictures Entertainment in what officials have called one of the first publicly known state-sponsored cyber-attacks. The November 2014 cyber-attack against Sony was aimed at derailing release of the comedy film The Interview that involved a fictional plot to kill North Korean leader Kim Jong Un.

The attack resulted in the destruction of Sony networks and the theft and disclosure of valuable and sensitive internal data.
"DHS and FBI assess that Hidden Cobra actors will continue to use cyber operations to advance their government’s military and strategic objectives," the notice said.

Among the cyber-attack tools used by the North Koreans are botnets, keyloggers, remote access tools, and wiper malware.
Keyloggers are malware capable of remotely intercepting keyboard strokes in learning login and passwords; remote access tools are methods of creating covert openings in networks targeted for attacks; and wiper malware is used to destroy all data on targeted networks. The malware linked to the North Koreans includes variants called Destroyer, Wild Positron/Duuzer, and Hangman. The North Koreans also appear to be targeting networks that use older, unsupported Microsoft operating systems, such as Windows XP.
"The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation," the notice said. "These actors have also used Adobe Flash player vulnerabilities to gain initial entry into users' environments."
The report warned that cyber-attacks can produce severe impacts, especially when sensitive information is stolen and made public.

DHS said that by using software security patches, technically blocking known malware, restricting administrator privileges, and using firewalls, up to 85 percent of cyber intrusions can be halted.
"However, many organisations fail to use these basic security measures, leaving their systems open to compromise," the report said.

Details of the North Korean hacker methods were disclosed by the security firm Novetta in a recent report, "Operation Blockbuster: Destructive Malware Report."
"The destructive malware within the Lazarus Group’s collection ranges from simplistic to moderately advanced in construction and style," the report said.
"The authors behind these destructive malware families have developed a set of tools capable of inflicting significant damage against a target either directly … or remotely. This further emphasises that even a moderately capable adversary with minimal resources is able to perform asymmetric cyberwar against a large target."

Free Beacon:

You Might Also Read: 

N. Korea Will Unleash Cyber Attacks On The US:

Ignoring Software Updates…:

WannaCry Also Hit Windows 7 Systems:

 


 

 

 

 

« Driverless Truck Fleet Gets UK Trial
Solutions To Combat ‘Fake News’ »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Council of European Professional Informatics Societies (CEPIS)

Council of European Professional Informatics Societies (CEPIS)

CEPIS is the representative body of national informatics associations throughout Europe and represent over 450,000 ICT and informatics professionals in 32 countries.

Lumeta

Lumeta

Lumeta’s cyber situational awareness platform is the unmatched source for enterprise network infrastructure analytics and security monitoring for breach detection.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

Kount

Kount

Kount's “decision engine” platform is ideal for managing fraud in online/telephone channels that process payments and onboard new customers.

Muninn

Muninn

At Muninn (aka Wehowsky), we specialize in mitigating potential risks within your network, providing one of the leading network detection and response (NDR) solutions on the market.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

Fortiphyd Logic

Fortiphyd Logic

Fortiphyd Logic equips operators of the power grid, oil & gas, and other critical infrastructure with the tools and training they need to defend their industrial networks from advanced cyberattacks.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

HEQA Security

HEQA Security

HEQA Security (formerly QuantLR) offer the world’s most cost-effective, easy-to-integrate, and secure Quantum Key Distribution (QKD) solution

Digital Element

Digital Element

Digital Element is a global IP geolocation and intelligence leader with unrivaled expertise in leveraging IP address insights to deliver new value to companies.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Harrison Clarke

Harrison Clarke

Harrison Clarke is a leading staffing and recruiting firm in the Cloud, Cybersecurity, Data & AI space.

Amplix

Amplix

In the race to create value for your enterprise, Amplix is your best asset for making technology decisions and optimizing your IT infrastructure, cloud usage, and security posture.

Interpres Security

Interpres Security

Interpres Security operationalizes TTP-based threat intelligence and automates continuous exposure monitoring to help CISOs and security practitioners reduce threat exposure.