US Blames North Korea For Hacking

The US government has issued a rare alert squarely blaming the North Korean government for a raft of cyber-attacks stretching back to 2009 and warning that more were likely.

The joint warning from the US Department of Homeland Security and the Federal Bureau of Investigation said that "cyber actors of the North Korean government," referred to in the report as "Hidden Cobra," had targeted the media, aerospace and financial sectors, as well as critical infrastructure, in the United States and globally.

The new level of detail about the US government's analysis of suspected North Korean hacking activity coincides with increasing tensions between Washington and Pyongyang because of North Korea's missile tests. The alert warned that North Korea would continue to rely on cyber operations to advance its military and strategic objectives.

North Korea has routinely denied involvement in cyber-attacks against other countries and the North Korean mission to the United Nations was not immediately available for comment.

The alert said Hidden Cobra has been previously referred to by private sector experts as Lazarus Group and Guardians of the Peace, which have been linked to attacks such as the 2014 intrusion into Sony Corp's (6758.T) Sony Pictures Entertainment.

Symantec Corp and Kaspersky Lab both said last month it was "highly likely" that Lazarus was behind the WannaCry ransomware attack that infected more than 300,000 computers worldwide, disrupting operations at hospitals, banks and schools.

The alert did not identify specific Hidden Cobra victims. It said the group had compromised a range of victims and that some intrusions had resulted in thefts of data while others were disruptive. The group's capabilities include denial of service attacks, which send reams of junk traffic to a server to knock it offline, keystroke logging, remote access tools and several variants of malware, the alert said.

John Hultquist, a cyber intelligence analyst with FireEye Inc, said that his firm was concerned about increasingly aggressive cyber-attacks from North Korea.

The hacks include cyber espionage at South Korean finance, energy and transportation firms that appears to be reconnaissance ahead of other attacks that would be disruptive or destructive, he said.
"It suggests they are preparing for something fairly significant," he added.

Hidden Cobra commonly targets systems that run older versions of Microsoft Corp (MSFT.O) operating systems that are no longer patched, the alert said, and also used vulnerabilities in Adobe Systems Inc's (ADBE.O) Flash software to gain access into targeted computers.

The report urged organisations to upgrade to current versions of Adobe Flash and Microsoft Silverlight or, when possible, uninstall those applications altogether.

Microsoft said it an emailed statement that it had "addressed" the Silverlight issue in a January 2016 software update. Adobe said via email that it patched the vulnerabilities in June 2016.

North Korean hacking activity has grown increasingly hostile in recent years, according to Western officials and cyber security experts.

The alert arrived on the same day that North Korea released an American university student who had been held captive by Pyongyang for 17 months.

Otto Warmbier was on his way back to the United States last week but in a coma and in urgent need of medical care, according to Bill Richardson, a veteran former diplomat and politician who has played a role in past negotiations with North Korea.

"The US government seeks to arm network defenders with the tools they need to identify, detect and disrupt North Korean government malicious cyber activity that is targeting our country's and our allies’ networks," a DHS official said about the alert. The official was not authorised to speak publicly.

Reuters:

 

 

« Machine Learning Writes Better Emails
US Presidential Election Hacks Revealed »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Synology

Synology

Synology provides high-performance, reliable, and secure Network Attached Storage (NAS) products.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

AuthenTrend

AuthenTrend

AuthenTrend provide biometric authentication products to achieve high security with extreme ease-of-use for the user.

GuardianKey

GuardianKey

GuardianKey is a solution to protect systems against authentication attacks.

Gospel Technology

Gospel Technology

Gospel presents a totally new way of accessing and controlling data which is enterprise grade scalable, highly resilient, and secure.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

Liberman Networks

Liberman Networks

Liberman Networks is an IT solutions provider company that provides security, management, monitoring, BDR and cloud solutions.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

Hubify

Hubify

Hubify is an experienced, service-driven technology company specialising in business connectivity across mobile, data, voice, cloud, & cyber security solutions.

Centre for Cyber Security Research & Innovation

Centre for Cyber Security Research & Innovation

The Centre for Cyber Security Research & Innovation is Nepal's First Academic Research Institute to focus on understanding the overall Information Security of Nepalese Organizations.

DESCERT

DESCERT

DESCERT offers you an extended IT, cyber security, risk advisory & compliance audit team which provides strategic guidance, engineering and audit services.

IEC Cyber Ltd

IEC Cyber Ltd

IEC Cyber provides Cyber security consulting services for OT systems, with emphasis on process systems aligned to IEC 61508 and IEC 61511. We are a preferred consulting firm for IEC 62443 services.

Knowit

Knowit

Knowit support customers in the digital transformation, simplify people’s everyday lives and create secure and innovative solutions enabling a sustainable future.