DHS, FBI describe North Korea's use of FALLCHILL malware

Rodiano Bonacci
November 15, 2017

The technical alert from the Federal Bureau of Investigation and Department of Homeland Security says a remote administration tool (RAT) called FALLCHILL has been deployed by Hidden Cobra since 2016 to target the aerospace, telecommunications and finance industries.

The alert - issued jointly by the Federal Bureau of Investigation and the US Computer Emergency Readiness Team (US-CERT), which is part of the Department of Homeland Security (DHS) - identifies IP addresses that North Korean actors are suspected of using to maintain a presence on victims' networks.

The FBI and Department of Homeland Security also posted a list of IP addresses linked to Hidden Cobra.

The DHS Computer Emergency Response Team said some networks could be infected with the Volgmer "backdoor Trojan", which gives hackers complete control of a computer system.

U.S. officials told AFP that a hacker group called "Hidden Cobra", also known as "Lazarus", has the ability to "maintain a presence on victims' networks" with the aim to "further network exploitation".

While North Korea's cyber espionage efforts were once dismissed by many security experts, the success of Hidden Cobra over the last few years has changed that perception, and it is now seen as a serious threat because it is able to do a lot of damage at a relatively low cost.

Hackers in the Hidden Cobra or Lazarus group have been active since 2009 and "have leveraged their capabilities to target and compromise a range of victims", according to a DHS report in June, AFP said. In August 2017, US-CERT, which is part of the DHS National Cybersecurity Communications Integration Center (NCCIC), released an analysis of a piece of malware known as DeltaCharlie, which North Korea uses to launch distributed denial of service (DDoS) attacks on companies or other domains.
