The U.S. Computer Emergency Readiness Team has issued an alert that warns of possible malicious cyberactivity from North Korea.
“Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure,” the alert notes. The government refers to this malicious cyberactivity as HIDDEN COBRA.
While the alert specifically mentions the media, aerospace, financial, and critical infrastructure sectors, the healthcare industry could be impacted, and organizations should be particularly wary after the recent WannaCray attacks that crippled many healthcare organizations globally.
“Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Wild Positron/Duuzer, and Hangman,” U.S. Cert says in the alert.
It also points out that HIDDEN COBRA actors commonly target systems running on older and unsupported version of Microsoft operating systems.
“The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation. These actors have also used Adobe Flash player vulnerabilities to gain initial entry into users’ environments,” the alert says.
In particular, it points to the following vulnerabilities:
- CVE-2015-6585: Hangul Word Processor Vulnerability
- CVE-2015-8651: Adobe Flash Player 188.8.131.524 and 19.x Vulnerability
- CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
- CVE-2016-1019: Adobe Flash Player 184.108.40.206 Vulnerability
- CVE-2016-4117: Adobe Flash Player 220.127.116.11 Vulnerability