Skip to main content

U.S. blames North Korea for hacking spree, says more attacks likely



The U.S. government on Tuesday issued a rare alert squarely blaming the North Korean government for a raft of cyber attacks stretching back to 2009 and warning that more were likely.

The joint warning from the U.S. Department of Homeland Security and the Federal Bureau of Investigation said that "cyber actors of the North Korean government," referred to in the report as "Hidden Cobra," had targeted the media, aerospace and financial sectors, as well as critical infrastructure, in the United States and globally.

The new level of detail about the U.S. government's analysis of suspected North Korean hacking activity coincides with increasing tensions between Washington and Pyongyang because of North Korea's missile tests. 

The alert warned that North Korea would continue to rely on cyber operations to advance its military and strategic objectives.

North Korea has routinely denied involvement in cyber attacks against other countries.

The North Korean mission to the United Nations was not immediately available for comment.

Tuesday's alert said Hidden Cobra has been previously referred to by private sector experts as Lazarus Group and Guardians of the Peace, which have been linked to attacks such as the 2014 intrusion into Sony Corp's (6758.T) Sony Pictures Entertainment.

Symantec Corp (SYMC.O) and Kaspersky Lab both said last month it was "highly likely" that Lazarus was behind the WannaCry ransomware attack that infected more than 300,000 computers worldwide, disrupting operations at hospitals, banks and schools.

The alert did not identify specific Hidden Cobra victims. It said the group had compromised a range of victims and that some intrusions had resulted in thefts of data while others were disruptive. 

The group's capabilities include denial of service attacks, which send reams of junk traffic to a server to knock it offline, keystroke logging, remote access tools and several variants of malware, the alert said.

John Hultquist, a cyber intelligence analyst with FireEye Inc (FEYE.O), said that his firm was concerned about increasingly aggressive cyber attacks from North Korea.

The hacks include cyber espionage at South Korean finance, energy and transportation firms that appears to be reconnaissance ahead of other attacks that would be disruptive or destructive, he said.

"It suggests they are preparing for something fairly significant," he added.

Hidden Cobra commonly targets systems that run older versions of Microsoft Corp (MSFT.O) operating systems that are no longer patched, the alert said, and also used vulnerabilities in Adobe Systems Inc's (ADBE.O) Flash software to gain access into targeted computers.

The report urged organizations to upgrade to current versions of Adobe Flash and Microsoft Silverlight or, when possible, uninstall those applications altogether.

Microsoft said it an emailed statement that it had "addressed" the Silverlight issue in a January 2016 software update. 

Adobe said via email that it patched the vulnerabilities in June 2016.

North Korean hacking activity has grown increasingly hostile in recent years, according to Western officials and cyber security experts.

The alert arrived on the same day that North Korea released an American university student who had been held captive by Pyongyang for 17 months.

Otto Warmbier, 22, was on his way back to the United States on Tuesday but in a coma and in urgent need of medical care, according to Bill Richardson, a veteran former diplomat and politician who has played a role in past negotiations with North Korea.

"The U.S. government seeks to arm network defenders with the tools they need to identify, detect and disrupt North Korean government malicious cyber activity that is targeting our country's and our allies’ networks," a DHS official said about the alert. 

The official was not authorized to speak publicly.

Comments

Popular posts from this blog

Armenian protesters block traffic, railways & airport as protest leader loses PM bid

Anti-government protesters disrupted traffic in Armenia’s capital, blocking railways and roads leading to Yerevan International Airport, after the parliament voted against opposition leader Nikol Pashinyan’s bid for interim PM.
Protesters managed to block streets connecting downtown Yerevan to residential districts, disrupting transportation in Armenia’s capital, footage from the scene shows. 
Yerevan’s metro system has also been paralyzed as demonstrators sit on the tracks, preventing trains from passing.
Meanwhile, protesters disrupted traffic on a road leading to Yerevan’s Zvartnots International Airport, located just 12km from the center of the city. 
Consequently, some passengers had to go the rest of the way on foot in order to catch their flights, according to Sputnik news agency.
Railway services have also been disrupted all across the country amid the demonstrations, a spokesman for South Caucasus Railways confirmed to Interfax. 
Some other highways, including the one connecting th…

Iran Killing Command: The use of firearms in dealing with protesters

The document you see on the image is the order of the commander of the Tehran repressive force to all the units based in the city.

Based on this agenda, the mercenaries of the corrupt government Islamic Republic of Iran have been allowed to use firearms in the event of any protest movement against people by the regime.
This is a murder command.
The repressive force of the law, known to the world's famous police and guardians, should protect the lives of its citizens, by freeing their mercenaries, they allow them to murder Iranians who are protesting the corruption in the government and you have the important message that if you come to the streets in protest of corruption and torture and massacre, we will kill you.
Because, according to criminal Khomeini, maintenance of the system is obligatory.
A corrupt government that is so hideous that spend billions of dollars from the national treasury and popular capitalto the suppression of its people and the countries of the region, must be ov…

ایران فرمان قتل : دستور استفاده از سلاح گرم در برخورد با معترضان

سندی که در تصویر میبینید دستور فرمانده نیروی سرکوبگر انتظامی تهران به همه یگانهای مستقر در این شهر است.
بر اساس این دستور کار ، مزدوران حکومت فاسد نظام جمهوری اسلامی اجازه یافته اند که درصورت بروز هرگونه جنبش اعتراضی از سوی مردم علیه رژیم ، از سلاح گرم استفاده کنند.
این دستور یک فرمان قتل است.
نیروی سرکوبگر انتظامی که به ظاهر و تعریف شناخته شده پلیس در سراسر جهان ، میبایست حافظ جان شهروندان باشد ، با آزاد گذاشتن دست مزدوران چکمه پوش خود انها را مجاز به قتل ایرانیان معترض به فسادهای موجود درلایه های حکومت میکنند و این پیام مهم را در خود دارد که اگر در اعتراض به  فساد و شکنجه و کشتار به خیابانها بریزید شما را خواهیم کشت.
چرا که به گفته خمینی دجال، حفظ نظام از اوجب واجبات است.
حکومت فاسدی که انقدر وقیح هست که میلیاردها دلار از خزانه ملی و سرمایه مردمی را صرف سرکوب مردم خود و کشورهای منطقه میکند باید سرنگون کرد.
اکنون چهل سال است که کشور ما به اشغال این ملایان جنایکتارخونخوار و اسلام تحمیلی در آمده است .
هنوز باورش برای برخی سخت است که درک کنند کشور ما به معنای واقعی کلمه از سوی بنیادگرایان الله…