recommended reading


DHS, FBI Warn of Tools Used By North Korean Hacking Group

Denial-of-service attack

The Homeland Security Department and FBI issued a joint technical alert Tuesday, detailing the tools and botnet infrastructure associated with cyber actors of the North Korean government.

The agencies refer to malicious activity by the North Korean government as Hidden Cobra, though other security firms have called it the Lazarus Group and the Guardians of Peace. The alert states the actors are targeting media, aerospace, financial and critical infrastructure sectors in the U.S. and around globally with a malware called DeltaCharlie that manages its distributed denial-of-service infrastructure.

Hidden Cobra often targets older, unsupported Microsoft operating systems and Adobe Flash vulnerabilities. The group sometimes steals data while other attacks are disruptive, the alert states.

The alert includes indicators of compromise, malware descriptions, network signatures, and host-based rules to detect activity and urges any organization that does to let DHS’ National Cybersecurity and Communications Integration Center or the FBI's Cyber Watch.


Defense Industrial Base; Financial Services; Media; Other Critical Infrastructure


June 13, 2017

reported by

Department of Homeland Security

number affected


location of breach



North Korean Hackers

location of perpetrators

North Korea

date breach occurred


date breach detected