US Blames North Korea For Hacking

The US government has issued a rare alert squarely blaming the North Korean government for a raft of cyber-attacks stretching back to 2009 and warning that more were likely.

The joint warning from the US Department of Homeland Security and the Federal Bureau of Investigation said that "cyber actors of the North Korean government," referred to in the report as "Hidden Cobra," had targeted the media, aerospace and financial sectors, as well as critical infrastructure, in the United States and globally.

The new level of detail about the US government's analysis of suspected North Korean hacking activity coincides with increasing tensions between Washington and Pyongyang because of North Korea's missile tests. The alert warned that North Korea would continue to rely on cyber operations to advance its military and strategic objectives.

North Korea has routinely denied involvement in cyber-attacks against other countries and the North Korean mission to the United Nations was not immediately available for comment.

The alert said Hidden Cobra has been previously referred to by private sector experts as Lazarus Group and Guardians of the Peace, which have been linked to attacks such as the 2014 intrusion into Sony Corp's (6758.T) Sony Pictures Entertainment.

Symantec Corp and Kaspersky Lab both said last month it was "highly likely" that Lazarus was behind the WannaCry ransomware attack that infected more than 300,000 computers worldwide, disrupting operations at hospitals, banks and schools.

The alert did not identify specific Hidden Cobra victims. It said the group had compromised a range of victims and that some intrusions had resulted in thefts of data while others were disruptive. The group's capabilities include denial of service attacks, which send reams of junk traffic to a server to knock it offline, keystroke logging, remote access tools and several variants of malware, the alert said.

John Hultquist, a cyber intelligence analyst with FireEye Inc, said that his firm was concerned about increasingly aggressive cyber-attacks from North Korea.

The hacks include cyber espionage at South Korean finance, energy and transportation firms that appears to be reconnaissance ahead of other attacks that would be disruptive or destructive, he said.
"It suggests they are preparing for something fairly significant," he added.

Hidden Cobra commonly targets systems that run older versions of Microsoft Corp (MSFT.O) operating systems that are no longer patched, the alert said, and also used vulnerabilities in Adobe Systems Inc's (ADBE.O) Flash software to gain access into targeted computers.

The report urged organisations to upgrade to current versions of Adobe Flash and Microsoft Silverlight or, when possible, uninstall those applications altogether.

Microsoft said in an emailed statement that it had "addressed" the Silverlight issue in a January 2016 software update. Adobe said via email that it patched the vulnerabilities in June 2016.

North Korean hacking activity has grown increasingly hostile in recent years, according to Western officials and cyber security experts.

The alert arrived on the same day that North Korea released an American university student who had been held captive by Pyongyang for 17 months.

Otto Warmbier was on his way back to the United States last week but in a coma and in urgent need of medical care, according to Bill Richardson, a veteran former diplomat and politician who has played a role in past negotiations with North Korea.

"The US government seeks to arm network defenders with the tools they need to identify, detect and disrupt North Korean government malicious cyber activity that is targeting our country's and our allies’ networks," a DHS official said about the alert. The official was not authorised to speak publicly.

Reuters:

 

 
