DHS, FBI Alert About North Korean Hacking Campaign


It’s rare for the government to attribute cyber mischief to a nation-state.

Editor's note: This article was updated with comment from Adobe.

The FBI and Homeland Security Department released technical details Wednesday about a North Korean government-linked hacking group fingered in numerous cyber operations, including the historic breach at Sony Pictures Entertainment in 2015.

The North Korean group, dubbed Hidden Cobra, has been targeting victims since at least 2009 and is likely to continue “cyber operations to advance their government’s military and strategic objectives,” the alert states.

Wednesday’s alert focused on North Korean efforts to infect computers with malware and conscript them into a botnet army that can target North Korean adversaries with distributed denial of service attacks. The group may target media and critical infrastructure sectors, such as aerospace and financial services, DHS said. 


Hidden Cobra has also been known to steal and destroy data from targeted computers and to steal passwords and other information people type into keyboards, DHS said. It typically exploits vulnerabilities in older-generation Microsoft products as well as Adobe Flash players, the alert states. An Adobe spokesman told Nextgov patches to fix the vulnerabilities have been available since 2016.

Though DHS frequently alerts the private sector about cyber threats, such as the recent WannaCry ransomware attack and major distributed denial of service operations, it’s rare for the department to attribute those attacks to a national government.

In December, the department released a report titled “Grizzly Steppe” about Russian government hacking operations tied to the 2016 election. Security researchers criticized the report, which came out the same day then-President Barack Obama imposed additional sanctions on Russia, for adding no new information and for drawing dubious conclusions.

Wednesday’s alert urges cybersecurity companies to further study North Korean cyber campaigns and asks any organizations that spot indicators associated with the North Korean campaign to alert DHS.