DHS, FBI Warn of Tools Used By North Korean Hacking Group

Defense Industrial Base // Financial Services // Media // Other Critical Infrastructure

The Homeland Security Department and FBI issued a joint technical alert Tuesday, detailing the tools and botnet infrastructure associated with cyber actors of the North Korean government.

The agencies refer to malicious activity by the North Korean government as Hidden Cobra, though security firms have called it the Lazarus Group and the Guardians of Peace. The alert states the actors are targeting media, aerospace, financial and critical infrastructure sectors in the U.S. and globally with malware called DeltaCharlie that manages its distributed denial-of-service infrastructure.

Hidden Cobra often targets older, unsupported Microsoft operating systems and Adobe Flash vulnerabilities. The group sometimes steals data while other attacks are disruptive, the alert states.

The alert includes indicators of compromise, malware descriptions, network signatures, and host-based rules to detect activity, and urges any organization that detects such activity to notify DHS’ National Cybersecurity and Communications Integration Center or the FBI's Cyber Watch.