DHS, FBI release details on North Korean bot
By Mark Rockwell
The FBI and the Department of Homeland Security have issued a joint alert on the tools used by malicious actors in North Korea's government amid rising tensions over that country's nuclear strike capabilities.
Back in June, DHS and the FBI warned that North Korea was conducting distributed denial-of-service attacks on critical infrastructure, the media, the aerospace industry and the financial sector worldwide via Hidden Cobra, a government-managed botnet infrastructure.
Older, unpatched versions of Adobe's Flash media player and Microsoft's Silverlight video player were cited as potential attack vectors.
An Aug. 23 update posted on the U.S. Computer Emergency Readiness Team's website provides more technical details on the operation and how to detect the North Korean bots on networks.
The two agencies identified IP addresses associated with the DeltaCharlie malware that North Korea used to manage its DDoS botnet infrastructure, and updated detection and file information on the malware. The US-CERT notice includes indicators of compromise, malware descriptions, network signatures and host-based rules to help network defenders detect activity that is allegedly driven by the North Korean government.
US-CERT said it had obtained three files associated with the DeltaCharlie attack malware, which were designed to conduct three types of attacks to open the door for DDoS assaults.
The warning states that the files set up backdoor command-and-control capabilities on compromised systems, allowing malicious operators to take over controls and capabilities of the victim system so they can tailor their DDoS attack techniques.