U.S. says North Korean malware lurking in computer networks

North Korean malware still lurks in computers worldwide: US

DHS, FBI describe North Korea's use of FALLCHILL malware

The US Department of Homeland Security issued an alert on Tuesday warning that malware developed in North Korea may still be hidden in computer networks worldwide.

United States authorities said malware developed in North Korea is still lurking in many computer networks, giving hackers backdoor access to government, financial, automotive and media organisations.

The alert - issued jointly by the Federal Bureau of Investigation and the US Computer Emergency Readiness Team (US-CERT), which is part of the Department of Homeland Security (DHS) - identifies IP addresses that North Korean actors are suspected of using to maintain a presence on victims' networks.

FALLCHILL allows Hidden Cobra to issue commands to a victim's server through dual proxies, which means it can potentially retrieve information about all installed disks, access files, modify file or directory timestamps and delete evidence that it has been on the infected server.

The U.S. government says Volgmer has been used to gain access to computer systems since at least 2013.

While North Korea's cyber espionage efforts were once dismissed by many security experts, the success of Hidden Cobra over the last few years has changed that perception, and it is now seen as a serious threat because it is able to do a lot of damage at a relatively low cost.

Hackers in the Hidden Cobra or Lazarus group have been active since 2009 and "have leveraged their capabilities to target and compromise a range of victims", according to a DHS report in June.

"Some intrusions have resulted in the exfiltration of data while others have been disruptive in nature", the report added.
