Hidden Cobra: North Korea’s History of Hacking
North Korea’s DDoS Botnet Infrastructure
Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. DHS and the FBI assess that Hidden Cobra actors will continue to use cyber operations to advance their government’s military and strategic objectives.
Tools and capabilities used by Hidden Cobra actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware.
These actors commonly target systems running older, unsupported versions of Microsoft operating systems; the many unpatched vulnerabilities in such systems make them convenient targets for exploitation. Adobe Flash Player vulnerabilities have also been used to gain initial entry into compromised networks.
What should I do?
These are the known vulnerabilities exploited by Hidden Cobra actors:
- CVE-2015-6585: Hangul Word Processor Vulnerability
- CVE-2015-8651: Adobe Flash Player 184.108.40.2064 and 19.x Vulnerability
- CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
- CVE-2016-1019: Adobe Flash Player 220.127.116.11 Vulnerability
- CVE-2016-4117: Adobe Flash Player 18.104.22.168 Vulnerability
We recommend that organizations upgrade these applications to the latest version and patch level. If Adobe Flash Player or Microsoft Silverlight is no longer required, we recommend removing those applications from systems entirely rather than leaving them installed and unpatched.
Further details can be found here.