Sunday, June 18, 2017

Feds release a critical technical alert on North Korean cyber threat

The U.S. Computer Emergency Readiness Team has released a critical technical alert on the tools and infrastructure being utilized by North Korean agents to target the media, aerospace and financial sectors of the US and elsewhere, as well as critical infrastructures that could involve the healthcare industry.

“Working with U.S. Government partners, the Department of Homeland Security and the FBI recognized Internet Protocol addresses linked with a malware variant, termed as DeltaCharlie, used to manage North Korea’s distributed denial-of-service botnet infrastructure,” according to the critical technical alert from CERT.

Older and unsupported versions of Microsoft operating systems are particularly vulnerable to attack, according to the alert. “These actors have also used Adobe Flash player vulnerabilities to gain entry into users’ environments.”

A botnet, according to TechTarget.com, “is a collection of Internet-connected devices which may involve PCs, servers, mobile devices and Internet of Things (IoT) devices that are infected and controlled by a common type of malware. Users are mostly unaware of a botnet infecting their system.” Five applications are particularly vulnerable:

  • CVE-2015-6585: Hangul Word Processor Vulnerability

  • CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability

  • CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability

  • CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability

  • CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability


The CERT critical technical alert further walks through indicators of compromise, malware descriptions, network signatures and detection rules for identifying North Korean cyber activity.

The government is calling the activity HIDDEN COBRA, and any such activity detected should be flagged immediately and reported to the DHS National Cybersecurity and Communications Integration Center or the FBI Cyber Watch. Detection of the North Korean tools calls for immediate, enhanced mitigation.

Other tools used by North Korean actors include keyloggers (which record keystrokes to capture passwords), remote access tools (which give the attacker control of remote computers) and wiper malware (which erases data from hard drives and other storage devices).

The U.S. CERT alert also includes links to download the indicators of compromise. The complete alert is available here.
