DHS and FBI released a pair of Joint Technical Alerts (TA17-318A and TA17-318B) that provide details on tools and infrastructure used by North Korea to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally.
The North Korean government's malicious cyber activity noted in these alerts is part of a long-term campaign of cyber-enabled operations that impact the U.S. Government and its citizens.
Earlier this summer, DHS and FBI released a technical alert and malware analysis report (MAR) on a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. The U.S. Government refers to all of this North Korean malicious cyber activity as HIDDEN COBRA, and information on it is published on the National Cybersecurity and Communications Integration Center’s (NCCIC) U.S. Computer Emergency Readiness Team’s (US-CERT) website at www.us-cert.gov/hiddencobra.
The NCCIC is the primary hub for information about cyber threats, vulnerabilities, and other risks. The NCCIC provides automated sharing of cyber threat indicators; the production of analytic reports and alerts containing threat and vulnerability mitigation information; and direct exchanges with analysts in the network defense community.
DHS and the FBI are looking to enhance their collaboration and partnerships across the globe to counter malicious cyber activity by North Korea and other state or non-state actors.
Entities that find signs of this malicious cyber activity should report it to DHS’s National Cybersecurity and Communications Integration Center (NCCIC) or FBI through CyWatch or its local field offices.