Two Joint Technical Alerts from the Department of Homeland Security and FBI on Tuesday identified cyber operations from North Korea that target “media, aerospace, financial, and critical infrastructure sectors in the United States and globally.” The United States calls North Korea’s cyber activity Hidden Cobra.
The alerts identify two malware tools, known as Volgmer and Fallchill, used by North Korea.
“Volgmer is a backdoor Trojan designed to provide covert access to a compromised system,” according to one alert. “Since at least 2013, Hidden Cobra actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries.”
Fallchill has been used since 2016, according to another alert, and targets aerospace, finance, and telecommunications industries. “Fallchill typically infects a system as a file dropped by other Hidden Cobra malware or as a file downloaded unknowingly by users when visiting sites compromised by Hidden Cobra actors,” it said.
If either malware tool is found, users and administrators “should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center or the FBI Cyber Watch, and give it the highest priority for enhanced mitigation,” according to the alerts.
The U.S. government identified Volgmer on at least 94 Internet Protocol (IP) addresses and identified Fallchill on 83 network nodes.
© 2017 Homeland411