US authorities believe the North Korean government has been using an army of hackers called “Hidden Cobra” to deploy cyber attacks over the past eight years. That’s according to the Technical Alert formally issued by the Homeland Security and the FBI, which contains the details and tools NK’s cyber army has been using to infiltrate the media, financial, aerospace and critical infrastructure sectors in the US and around the globe. The government agencies are encouraging cyber analysts to be on the lookout, warning them that the Asian country will continue to use cyber operations to advance its government’s military and strategic objectives.
According to the report, the weapons in Hidden Cobra’s arsenal include DDoS botnets, keyloggers, remote access tools and different variants of malware and tools. It also said that the group is commonly referred to in the media as the Guardians of Peace and the Lazarus Group. In other words, the US is saying that the state-sponsored Hidden Cobra is the same group responsible for the massive Sony Pictures hack in 2014 carried out by a group calling themselves the Guardians of Peace. It might also be responsible for the WannaCry ransomware, which recently took a lot of PCs hostage using the NSA hacking tools that leaked to the public.
That’s not entirely surprising, seeing as the FBI linked NK to the Sony cyberattack shortly after it happened. Plus, security researchers found similarities between the code of an early version of WannaCry and a sample code from the Lazarus Group, which was linked to both the Sony Pictures hack and the $80 million Bangladesh Bank heist. North Korean representatives denied their country was involved in the incidents, though they certainly sounded glad someone hacked Sony, calling the perpetrators “supporters and sympathizers” of the North’s cause. If you’ll recall, the Sony hack happened as the studio was preparing to bring The Interview to theaters. The movie is a political satire/spy flick starring Seth Rogen and James Franco as journalists recruited by the CIA to assassinate NK leader Kim Jong-un.
So, what can we do to protect ourselves from Hidden Cobra? The report says the group commonly targets old Windows platforms, most likely XP, that are no longer patched. They also use vulnerabilities found in Flash and Silverlight to infiltrate computers, though both Adobe and Microsoft said they already patched those holes early last year. The best way to keep the hackers out is to use newer OS that’s still receiving security upgrades. Homeland Security also recommends removing both Flash and Silverlight entirely if they’re not necessary to be sure no bad player uses them as an entry point.
While we probably have little to worry about as individuals, companies in the industries NK tends to target (especially those based in South Korea) might want to double down on security. In addition to Homeland Security’s and the FBI’s warning that the country will continue using its cyber army, security firm FireEye warns that it’s been seeing increasingly aggressive attacks from the totalitarian state. The North has been using cyber espionage techniques to spy on the South’s finance, energy and transportation firms, suggesting that they’re “preparing for something fairly significant.”