NORTH KOREA’S HACK THREAT
The FBI and Department of Homeland Security warned this week that North Korea is using malicious software to set up networks of hijacked computer devices that can be used in large-scale cyberattacks on critical infrastructure.
A report published Tuesday identifies the technical tools and networks used by North Korean government hackers to target media, aerospace, financial and critical infrastructure in the United States and around the world under the code name Hidden Cobra.
“DHS and FBI assess that Hidden Cobra actors will continue to use cyber operations to advance their government’s military and strategic objectives,” the report said. “Cyber analysts are encouraged to review the information provided in this alert to detect signs of malicious network activity.”
North Korea is considered to be a growing cyberwarfare threat and is believed to be developing capabilities to conduct large-scale cyberattacks on the United States.
The malware linked to the North Korean hackers is called Delta Charlie and is “used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure,” the notice from DHS’ Computer Emergency Readiness Team says.
The DHS and the FBI urged all system administrators who detect Hidden Cobra — either the malware, network signatures or other indicators — to report them to the DHS or FBI as soon as possible. Both agencies have special units to deal with such infrastructure cyberattacks: the National Cybersecurity Communications and Integration Center under the DHS, and the FBI's Cyber Watch program.
The notice says any signs of the North Korean cyberattack should be “given highest priority for enhanced mitigation” — an indication of the level of concern.
The notice listed a number of internet protocol addresses used by the North Koreans.
“Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature,” the notice said.
Alternative names used by the North Koreans include the Lazarus Group and Guardians of Peace.
The Guardians of Peace was the cover name used by North Korean hackers operating from China and Southeast Asia that carried out the November 2014 cyberattack against Sony Pictures International, one of the first major nation-state cyberattacks to be identified publicly by the U.S. government.
The North Koreans are using large networks of hijacked computers, called botnets, that are part of distributed denial of service attacks. Other hacking tools include keylogging software that can record and send keystrokes, remote access tools used in cyberespionage attacks, and “wiper” malware that destroys data.
“Further research is needed to understand the full breadth of this group’s cyber capabilities. In particular, DHS recommends that more research should be conducted on the North Korean cyber activity that has been reported by cybersecurity and threat research firms.”
North Korean hackers generally target computer networks that use older, unsupported versions of Microsoft operating systems that contain security flaws. Adobe Flash player software vulnerabilities also have been used by Pyongyang’s hackers.
“A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed,” the report warned, noting the danger of lost data, disruption of operations, financial losses and reputational damage. Network administrators are being urged to apply security patches to all software to stave off attacks.
areas near the United States in a bid to counter extensive Air Force and Navy surveillance around China’s coasts.
“China is expanding its access to foreign ports to pre-position the necessary logistics support to regularize and sustain deployments in the ‘far seas,’ waters as distant as the Indian Ocean, Mediterranean Sea, and Atlantic Ocean,” the report says in a special section on overseas access.
The most visible base is being built near the Horn of Africa in Djibouti. The Chinese began building a military base there in February 2016 and are expected to complete the facility this year. Beijing has said the base will help Chinese navy and army units take part in U.N. peacekeeping, assist naval escort missions in the area for Chinese freighters, and provide humanitarian assistance.
But the Pentagon said the base and regular naval visits to foreign ports “both reflect and [amplify] China’s growing influence, extending the reach of its armed forces.”
The report reverses decades of U.S. intelligence reporting that insisted China harbored no international ambitions beyond preparing to fight a conflict with Taiwan, located 100 miles across the strait from southern China. The Pentagon now believes China wants to project military power around the world to support its economic interests and critical sea lanes.
“China most likely will seek to establish additional military bases in countries with which it has a long-standing friendly relationship and similar strategic interests, such as Pakistan, and in which there is a precedent for hosting foreign militaries,” the report said.
China also is expected to utilize the