The joint report from the FBI in addition to U.S. Department of Homeland Security (DHS) provided details on "DeltaCharlie," a malware variant used past times "Hidden Cobra" hacking grouping to infect hundreds of thousands of computers globally every bit run of its DDoS botnet network.
According to the report, the Hidden Cobra grouping of hackers are believed to move backed past times the North Korean regime in addition to are known to launch cyber attacks against global institutions, including media organizations, aerospace in addition to fiscal sectors, in addition to critical infrastructure.
While the U.S. regime has labeled the North Korean hacking grouping Hidden Cobra, it is oft known every bit Lazarus Group in addition to Guardians of Peace – the 1 allegedly linked to the devastating WannaCry ransomware menace that near downward hospitals in addition to businesses worldwide.
DeltaCharlie – DDoS Botnet Malware
The agencies identified IP addresses amongst "high confidence" associated amongst "DeltaCharlie" – a DDoS tool which the DHS in addition to FBI believe Democratic People's South Korea uses to launch distributed denial-of-service (DDoS) attacks against its targets.
DeltaCharlie is capable of launching a multifariousness of DDoS attacks on its targets, including Domain Name System (DNS) attacks, Network Time Protocol (NTP) attacks, in addition to Character Generation Protocol (CGP) attacks.
The botnet malware is capable of downloading executables on the infected systems, updating its ain binaries, changing its ain configuration inwards real-time, terminating its processes, in addition to activating in addition to terminating DDoS attacks.
However, the DeltaCharlie DDoS malware is non new.
DeltaCharlie was initially reported past times Novetta inwards their 2016 Operation Blockbuster Malware Report [DDoS botnets, keyloggers, remote access tools (RATs), in addition to wiper malware.
Hidden Cobra's Favorite Vulnerabilities
Operating since 2009, Hidden Cobra typically targets systems running older, unsupported versions of Microsoft operating systems, in addition to commonly exploits vulnerabilities inwards Adobe Flash Player to hit an initial entry signal into victim's machine.
These are the known vulnerabilities affecting diverse applications commonly exploited past times Hidden Cobra:
- Hangul Word Processor põrnikas (CVE-2015-6585)
- Microsoft Silverlight flaw (CVE-2015-8651)
- Adobe Flash Player 18.0.0.324 in addition to 19.x vulnerability (CVE-2016-0034)
- Adobe Flash Player 21.0.0.197 Vulnerability (CVE-2016-1019)
- Adobe Flash Player 21.0.0.226 Vulnerability (CVE-2016-4117)
Since Adobe Flash Player is prone to many attacks in addition to simply today the fellowship patched ix vulnerability inwards Player, yous are advised to update or take it completely from your computer.
The FBI in addition to DHS convey provided numerous indicators of compromise (IOCs), malware descriptions, network signatures, every bit good every bit host-based rules (YARA rules) inwards an examine to assistance defenders notice activeness conducted past times the North Korean state-sponsored hacking group.
"If users or administrators notice the custom tools indicative of HIDDEN COBRA, these tools should move instantly flagged, reported to the DHS National Cybersecurity Communications in addition to Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), in addition to given highest priority for enhanced mitigation," the alarm reads.Besides this, the agencies convey also provided a long listing of mitigations for users in addition to network administrators, which yous tin follow here.
