The United States Computer Emergency Readiness Team (US-CERT) has issued a warning that North Korea has stepped up its efforts to attack media, aerospace, and financial companies in the United States.
The United States has been critical of North Korea since the high-profile attack on Sony in 2014.
The warning has been made public by the US Department of Homeland Security (DHS) and the FBI through US-CERT.
The advisory’s first message is that anyone detecting activities by the DPRK (Democratic People’s Republic of Korea), codenamed “Hidden Cobra” (aka the Lazarus Group or Guardians of Peace), should report activity through the DHS National Cybersecurity Communications and Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch).
This alert identifies IP addresses linked to systems infected with DeltaCharlie malware and provides descriptions of the malware and associated malware signatures. DHS and FBI are distributing these IP addresses to enable network defense activities and reduce exposure to the DDoS command-and-control network.
The takeaway for Naked Security readers is to patch the older applications alleged North Korean cyberattacks like to prey on, particularly the following CVEs:
• CVE-2015-6585: Hangul Word Processor Vulnerability
• CVE-2015-8651: Adobe Flash Player 184.108.40.2064 and 19.x Vulnerability
• CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
• CVE-2016-1019: Adobe Flash Player 220.127.116.11 Vulnerability
• CVE-2016-4117: Adobe Flash Player 18.104.22.168 Vulnerability
Interestingly, although these emerged as zero-day vulnerabilities, it’s likely that Hidden Cobra exploited them after patches appeared.
The full US-CERT report goes into detail on the specific DDoS and hacking tool (DeltaCharlie) used by the organization.