The U.S. government has issued a rare warning about an ongoing, eight-year-long North Korean state-sponsored hacking operation.
The joint alert from the FBI and the U.S. Department of Homeland Security (DHS) provides details on "DeltaCharlie," a malware variant the "Hidden Cobra" hacking group uses to infect hundreds of thousands of computers globally as part of its DDoS botnet.
According to the report, the Hidden Cobra group is believed to be backed by the North Korean government and is known to launch cyber attacks against global institutions, including media organizations, the aerospace and financial sectors, and critical infrastructure.
While the United States government has labeled the North Korean hacking group Hidden Cobra, it is more widely known as the Lazarus Group and Guardians of Peace, the group allegedly linked to the devastating WannaCry ransomware that shut down hospitals and businesses worldwide.
DeltaCharlie – DDoS Botnet Malware
The agencies identified, with "high confidence," IP addresses associated with "DeltaCharlie," a DDoS tool that DHS and the FBI believe North Korea uses to launch distributed denial-of-service (DDoS) attacks against its targets.
DeltaCharlie can launch a variety of DDoS attacks against its targets, including Domain Name System (DNS) attacks, Network Time Protocol (NTP) attacks, and Character Generator Protocol (chargen, which the alert abbreviates CGP) attacks. All three are UDP services that lend themselves to spoofed-source reflection and amplification, which is why outbound UDP to ports 53, 123 and 19 from unexpected hosts is worth watching.
The botnet malware can download executables onto infected systems, update its own binaries, change its own configuration in real time, terminate its processes, and start and stop DDoS attacks.
However, the DeltaCharlie DDoS malware is not new.
DeltaCharlie was first reported by Novetta in its 2016 Operation Blockbuster Malware Report. The alert describes Hidden Cobra's broader toolset as including DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware.
Hidden Cobra's Favorite Vulnerabilities
Operating since 2009, Hidden Cobra typically targets systems running older, unsupported versions of Microsoft operating systems, and commonly exploits vulnerabilities in Adobe Flash Player to gain an initial foothold on a victim's machine.
These are the known vulnerabilities, affecting various applications, that the alert lists as commonly exploited by Hidden Cobra:
- Hangul Word Processor bug (CVE-2015-6585)
- Microsoft Silverlight flaw (CVE-2015-8651)
- Adobe Flash Player 18.0.0.324 and 19.x vulnerability (CVE-2016-0034)
- Adobe Flash Player 21.0.0.197 vulnerability (CVE-2016-1019)
- Adobe Flash Player 21.0.0.226 vulnerability (CVE-2016-4117)
Note that the alert's product labels on the second and third entries are swapped relative to the vendor advisories: CVE-2015-8651 is the Adobe Flash Player flaw patched in APSB16-01, and CVE-2016-0034 is the Microsoft Silverlight flaw patched in MS16-006. When checking patch status, go by the CVE numbers rather than the product names.
Since Adobe Flash Player is prone to many attacks, and just today the company patched nine vulnerabilities in Player, you are advised to update it or remove it from your computer entirely.
The FBI and DHS have provided numerous indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules (YARA rules) to help defenders detect activity by the North Korean state-sponsored hacking group.
"If users or administrators detect the custom tools indicative of HIDDEN COBRA, these tools should be immediately flagged, reported to the DHS National Cybersecurity Communications and Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and given highest priority for enhanced mitigation," the warning reads.
Besides this, the agencies have also provided a long list of mitigations for users and network administrators, which you can follow here.
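As an added example, not code from the alert or from this article, the following Python script shows the kind of flow-log triage the published IOCs and DeltaCharlie's attack types suggest: it matches flow records against an IOC address list, flags local hosts that emit UDP floods toward DNS, NTP and chargen reflectors, and flags egress packets with spoofed (non-local) source addresses, which reflection attacks rely on. The IOC addresses (RFC 5737 documentation ranges), the local address plan, the flow-line format, the sample flows and the flood threshold are all assumptions made for the example; the real indicators are in the alert.

```python
"""Flow-log triage for DDoS-botnet activity (added example, not from the alert)."""
import ipaddress
from collections import Counter

# Placeholder IOCs: RFC 5737 documentation addresses, NOT the alert's real indicators.
IOC_IPS = {"203.0.113.10", "203.0.113.11"}

# UDP services the alert names DeltaCharlie abusing: DNS, NTP and chargen.
REFLECTION_PORTS = {53: "DNS", 123: "NTP", 19: "chargen"}

# Packets per (local host, service) above which outbound UDP is treated as a
# flood. Assumed value for the example; tune to the network's own baseline.
FLOOD_THRESHOLD = 100

# Assumed internal address plan; egress packets from outside it are spoofed.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_flow(line):
    """Parse one constructed flow line: 'ts dir proto src:port dst:port packets'."""
    ts, direction, proto, src, dst, pkts = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": ts, "dir": direction, "proto": proto.upper(),
        "src_ip": src_ip, "src_port": int(src_port),
        "dst_ip": dst_ip, "dst_port": int(dst_port), "packets": int(pkts),
    }


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def analyze(lines, ioc_ips=IOC_IPS, threshold=FLOOD_THRESHOLD):
    """Return a list of (rule, subject, detail) findings for the given flow lines."""
    findings = []
    per_host_service = Counter()
    for line in lines:
        f = parse_flow(line)
        # Rule 1: any flow touching a published IOC address, in either direction.
        for ip in (f["src_ip"], f["dst_ip"]):
            if ip in ioc_ips:
                findings.append(("ioc_contact", f["src_ip"], ip))
        if f["dir"] != "out" or f["proto"] != "UDP":
            continue
        # Rule 2: egress UDP whose source is not ours. Reflection floods spoof the
        # victim's address; BCP 38 egress filtering should make this impossible.
        if not is_local(f["src_ip"]):
            findings.append(("spoofed_source", f["src_ip"],
                             f"{f['dst_ip']}:{f['dst_port']}"))
            continue
        # Rule 3: accumulate outbound UDP to DNS/NTP/chargen per local host.
        svc = REFLECTION_PORTS.get(f["dst_port"])
        if svc:
            per_host_service[(f["src_ip"], svc)] += f["packets"]
    for (host, svc), pkts in sorted(per_host_service.items()):
        if pkts > threshold:
            findings.append(("reflection_flood", host, f"{svc} {pkts} pkts"))
    return findings


# Constructed sample flows for the example (not real traffic).
SAMPLE_FLOWS = [
    "2017-06-13T10:00:01Z out TCP 10.0.0.5:51000 203.0.113.10:443 12",    # IOC contact
    "2017-06-13T10:00:02Z out UDP 10.0.0.7:40000 198.51.100.20:123 80",   # NTP, part 1
    "2017-06-13T10:00:03Z out UDP 10.0.0.7:40001 198.51.100.21:123 90",   # NTP, 170 total
    "2017-06-13T10:00:04Z out UDP 192.0.2.77:40002 198.51.100.22:19 50",  # spoofed src to chargen
    "2017-06-13T10:00:05Z out UDP 10.0.0.9:53001 198.51.100.53:53 3",     # ordinary DNS
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_FLOWS):
        print(*finding)
```

The three rules are deliberately independent: an IOC hit is actionable on its own, while the flood and spoofed-source rules catch a bot participating in an attack even after the C2 addresses have rotated, so they keep working when the published IP list goes stale.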