Industry News

US Blames North Korea Group Dubbed ‘Hidden Cobra’ for Domestic and Global Hacks

A recent US Government Technical Alert (TA) issued by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), singles out a hacking group believed to be associated with the North Korean government and allegedly responsible for hacks of media, aerospace, financial, and critical infrastructure sectors.

Dubbed “Hidden Cobra,” the alert includes details involving tools actively employed by the hackers, targets and indicators of compromise (IoC) that can help organizations defend themselves against them. While the analysis also includes a list of vulnerabilities allegedly used by the hacker group – ranging from Adobe Flash Player to Microsoft Silverlight and Hangul Word Processor – most have already been patched by newer distributions.

The alert also attributes the WannaCry incident, which involved a vulnerability in the SMB v1 Windows protocol, to the Hidden Cobra group, while urging independent security researchers to join the investigation to uncover the full extent of the group’s full cyber capabilities.

“Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature,” reads the alert. “Commercial reporting has referred to this activity as Lazarus Group[1] (link is external) and Guardians of Peace.[2] (link is external) DHS and FBI assess that HIDDEN COBRA actors will continue to use cyber operations to advance their government’s military and strategic objectives. Cyber analysts are encouraged to review the information provided in this alert to detect signs of malicious network activity.”

A distributed denial-of-service (DDoS) botnet infrastructure codenamed “DeltaCharlie” is also believed to be used by Hidden Cobra. The tool’s capabilities range from downloading additional components to self-removal from infected machines. Proposed mitigation solutions include updating and patching operating systems and applications to their latest version, application whitelisting, restrictive administrative privileges, network segregation, firewalls, logging and access control lists.

“We recommend that organizations upgrade these applications to the latest version and patch level. If Adobe Flash or Microsoft Silverlight is no longer required, we recommend that those applications be removed from systems,” reads the alert.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.