DHS, FBI describe North Korea's use of FALLCHILL malware

US authorities say malware from North Korea may be lurking in computer systems giving hackers remote access. AFP file

The US Department of Homeland Security issued an alert on Tuesday warning that malware developed in North Korea may still be hidden in computer networks worldwide. The FBI says it "has high confidence" that those IP addresses are linked to attacks that infect computer systems with Volgmer, a Trojan malware variant used by Hidden Cobra to target the government, financial, auto and media industries.

United States officials earlier this year blamed the group for a series of cyberattacks dating back to 2009, saying it was linked to the Pyongyang government.

The alert - issued jointly by the Federal Bureau of Investigation and the US Computer Emergency Readiness Team (US-CERT), which is part of the Department of Homeland Security (DHS) - identifies IP addresses that North Korean actors are suspected of using to maintain a presence on victims' networks. Once an infection has taken hold, the threat actors behind it can issue multiple commands from command and control (C2) servers while obfuscating their identities behind a number of proxies.

"Hidden Cobra actors use an external tool or dropper to install the Fallchill malware-as-a-service to establish persistence".

Hackers in the Hidden Cobra or Lazarus group have been active since 2009 and "have leveraged their capabilities to target and compromise a range of victims", according to a DHS report in June.

Private security analysts refer to Hidden Cobra as the "Lazarus" group of hackers linked to North Korea and likely behind a series of multimillion-dollar cyber thefts from banks around the world.

"Some intrusions have resulted in the exfiltration of data while others have been disruptive in nature", the report added.
