U.S DHS and FBI Issue Alerts about North Korea-Backed Cyber Attacks

The U.S Department of Homeland Security, along with the FB, has come out with a statement that hackers who reportedly have ties with North Korea could still gain backdoor access to many government systems/networks and business networks.

The Guardian reports-“US authorities have warned that malware developed in North Korea is still lurking in many computer networks, giving hackers backdoor access to government, financial, automotive and media organizations. An alert issued by the Department of Homeland Security (DHS) warned of surreptitious activity by the so-called “Hidden Cobra” hacker group, also known by the name “Lazarus”.”

A release by the Department of Homeland Security, dated November 14, 2017 and titled ‘DHS and FBI Release Joint Technical Alerts on Malicious North Korean Cyber Activity‘, says- “Today, DHS and FBI released a pair of Joint Technical Alerts (TA17-318A and TA17-318B) that provide details on tools and infrastructure used by North Korea to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally.”

The release further says- “The North Korean government malicious cyber activity noted in these alerts is part of a long-term campaign of cyber-enabled operations that impact the U.S. Government and its citizens. Working closely with our interagency, industry and international partners, DHS is constantly working to arm network defenders with the tools they need to identify, detect and disrupt state and non-state actors targeting the networks and systems of our country and our allies.”

US officials had earlier this summer blamed the same group for having executed a series of cyber strikes, dating back to 2009, and allegedly linked to the North Korean government.

The DHS and the FBI suggest that the Pyongyang government-backed hackers could still maintain their presence on the critical networks and seek “to further network exploitation.”

The two alerts the DHS has issued along with the release says that some networks could be infected with either the Volgmer “backdoor Trojan” (which is supposed to be in use since 2013) or with Fallchill, a remote administration tool that is supposed to be in use since 2016. These could help the hackers take full control of a system or network.

It’s also speculated that the same group could also have been behind the WannaCry ransomware outbreak that happened earlier this year and impacted thousands of systems worldwide. The Guardian says- “Private security analysts refer to Hidden Cobra as the “Lazarus” group of hackers linked to North Korea and probably behind a series of multimillion-dollar cyberthefts from banks around the world. Some analysts say the Lazarus group may also have been behind the WannaCry ransomware outbreak earlier this year.”

The group reportedly conducts attacks that either aim at data theft or are disruptive in nature. While the Department of Homeland Security and the FBI reportedly maintain that this group of North Korea-backed hackers would continue to carry out attacks to advance their government’s military and strategic objectives, North Korea has, as per reports, denied orchestrating any such cyber attacks.