US Blames North Korea For Hacking

The US government has issued a rare alert squarely blaming the North Korean government for a raft of cyber-attacks stretching back to 2009 and warning that more were likely.

The joint warning from the US Department of Homeland Security and the Federal Bureau of Investigation said that "cyber actors of the North Korean government," referred to in the report as "Hidden Cobra," had targeted the media, aerospace and financial sectors, as well as critical infrastructure, in the United States and globally.

The new level of detail about the US government's analysis of suspected North Korean hacking activity coincides with increasing tensions between Washington and Pyongyang because of North Korea's missile tests. The alert warned that North Korea would continue to rely on cyber operations to advance its military and strategic objectives.

North Korea has routinely denied involvement in cyber-attacks against other countries and the North Korean mission to the United Nations was not immediately available for comment.

The alert said Hidden Cobra has been previously referred to by private sector experts as Lazarus Group and Guardians of the Peace, which have been linked to attacks such as the 2014 intrusion into Sony Corp's (6758.T) Sony Pictures Entertainment.

Symantec Corp and Kaspersky Lab both said last month it was "highly likely" that Lazarus was behind the WannaCry ransomware attack that infected more than 300,000 computers worldwide, disrupting operations at hospitals, banks and schools.

The alert did not identify specific Hidden Cobra victims. It said the group had compromised a range of victims and that some intrusions had resulted in thefts of data while others were disruptive. The group's capabilities include denial of service attacks, which send reams of junk traffic to a server to knock it offline, keystroke logging, remote access tools and several variants of malware, the alert said.

John Hultquist, a cyber intelligence analyst with FireEye Inc, said that his firm was concerned about increasingly aggressive cyber-attacks from North Korea.

The hacks include cyber espionage at South Korean finance, energy and transportation firms that appears to be reconnaissance ahead of other attacks that would be disruptive or destructive, he said.

"It suggests they are preparing for something fairly significant," he added.

Hidden Cobra commonly targets systems that run older versions of Microsoft Corp (MSFT.O) operating systems that are no longer patched, the alert said, and also used vulnerabilities in Adobe Systems Inc's (ADBE.O) Flash software to gain access into targeted computers.

The report urged organisations to upgrade to current versions of Adobe Flash and Microsoft Silverlight or, when possible, uninstall those applications altogether.

Microsoft said in an emailed statement that it had "addressed" the Silverlight issue in a January 2016 software update. Adobe said via email that it patched the vulnerabilities in June 2016.

North Korean hacking activity has grown increasingly hostile in recent years, according to Western officials and cyber security experts.

The alert arrived on the same day that North Korea released an American university student who had been held captive by Pyongyang for 17 months.

Otto Warmbier was on his way back to the United States last week but in a coma and in urgent need of medical care, according to Bill Richardson, a veteran former diplomat and politician who has played a role in past negotiations with North Korea.

"The US government seeks to arm network defenders with the tools they need to identify, detect and disrupt North Korean government malicious cyber activity that is targeting our country's and our allies’ networks," a DHS official said about the alert. The official was not authorised to speak publicly.

Reuters:

 

 
