WIBR (WiFi BruteForce) - Android App - Technopweb


WIBR (WiFi BruteForce) - Android App

The United States government has issued a rare warning about an ongoing, eight-year-long North Korean state-sponsored hacking operation.

The joint report from the FBI and the US Department of Homeland Security (DHS) describes "DeltaCharlie", a malware variant used by the "Hidden Cobra" hacking group that infects hundreds of computers worldwide as part of its DDoS botnet network.

According to the report, the Hidden Cobra group of hackers is believed to be backed by the North Korean government and is known to launch cyber attacks against global organizations, including media organizations, the aerospace and financial sectors, and critical infrastructure.

While the U.S. government has labeled the North Korean hacking group Hidden Cobra, it is more often known as Lazarus Group and Guardians of Peace, the group allegedly linked to the devastating WannaCry ransomware threat that shut down hospitals and businesses worldwide.

DeltaCharlie - DDoS Botnet Malware

The agencies identified, with "high confidence", IP addresses associated with "DeltaCharlie", a DDoS tool that the DHS and FBI believe North Korea uses to launch distributed denial-of-service (DDoS) attacks against its targets.

DeltaCharlie is able to launch various DDoS attacks on its targets, including Domain Name System (DNS) attacks, Network Time Protocol (NTP) attacks and Character Generation Protocol (CGP) attacks.

The botnet malware is able to download executables onto infected systems, update its own binaries, change its own configuration in real time, terminate its own processes, and activate and terminate DDoS attacks.

However, the DeltaCharlie DDoS malware is not new.

DeltaCharlie was first reported by Novetta in its 2016 Operation Blockbuster Malware Report [PDF], which describes it as the third botnet malware from the North Korean hacking group, after DeltaAlpha and DeltaBravo.

Other malware used by Hidden Cobra includes Destover, Wild Positron or Duuzer, and Hangman, with sophisticated capabilities including DDoS botnets, keyloggers, remote access tools (RATs) and wiper malware.

Hidden Cobra's Favorite Vulnerabilities

Operating since 2009, Hidden Cobra usually targets systems running old, unsupported versions of Microsoft operating systems, and generally exploits vulnerabilities in Adobe Flash Player to gain an initial entry point into the victim's machine.

These are the known vulnerabilities, affecting various applications, that Hidden Cobra generally exploits:

    
- Hangul Word Processor bug (CVE-2015-6585)
- Microsoft Silverlight flaw (CVE-2015-8651)
- Adobe Flash Player 18.0.0.324 and 19.x vulnerability (CVE-2016-0034)
- Adobe Flash Player 21.0.0.197 vulnerability (CVE-2016-1019)
- Adobe Flash Player 21.0.0.226 vulnerability (CVE-2016-4117)

The easiest way to defend against such attacks is to always keep your operating system, installed software and applications up to date, and to keep your network assets behind a firewall.

Since Adobe Flash Player is prone to many attacks, and just today the company patched nine vulnerabilities in the player, you are advised to update it or remove it from your computer.

The FBI and DHS have provided numerous indicators of compromise (IOCs), malware descriptions, network signatures, as well as host-based rules (YARA rules) to help defenders detect activity carried out by the North Korean state-sponsored hacking group.

    
"If users or administrators detect the custom tools indicative of HIDDEN COBRA, these tools should be immediately flagged, reported to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or FBI Cyber Watch (CyWatch), and given highest priority for enhanced mitigation," reads the warning.

In addition, the agencies have provided a long list of mitigations for users and network administrators, which you can follow here.
