Washington issues alert on cyberattacks

Warning comes after FBI identified Pyongyang activity
June 15, 2017
The U.S. government issued a public alert Tuesday warning that cyber actors of the North Korean government have been targeting the media, aerospace, financial and “critical infrastructure sectors in the United States and globally” since 2009.

The so-called Technical Alert was jointly issued by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), which identified IP addresses associated with a malware variant known as DeltaCharlie. The virus was used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure, the report read. The U.S. government has named the malicious cyberactivity Hidden Cobra.

Neither the victims nor the amount of damages were specified.

The FBI said it had “high confidence” that Hidden Cobra actors were using the IP addresses for further network exploitations and will continue to use cyber operations “to advance their government’s military and strategic objectives.”

Systems running older and unsupported versions of Microsoft operating systems were said to be the main target of Hidden Cobra. The North Korean hackers also used Adobe Flash player vulnerabilities to gain initial entry into users’ environments.

Hangul, a popular word processing application in South Korea created by the domestic company Hancom, was also affected.

“We recommend that organizations upgrade these applications to the latest version and patch level,” said the report. “If Adobe Flash or Microsoft Silverlight is no longer required, we recommend that those applications be removed from systems.”

The impact was described as temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation. Users or administrators who detect any signs of Hidden Cobra were urged to immediately flag those custom tools and report to the U.S. government to receive the “highest priority” for enhanced mitigation.

North Korea customarily denies any involvement in cyberattacks against foreign countries and has yet to release a statement on Washington’s Technical Alert.

But the North has a long history of alleged cyberattacks. South Korea’s National Defense Ministry was quick to blame the North when its intranet was hacked for the first time last September. It was not until recently that the ministry admitted one of the leaked pieces of information was Operations Plan 5027, also known as Oplan 5027, the main military plan by South Korea-U.S. allied forces to react to a possible North Korean invasion.

Last month, local authorities said they found solid evidence that indicated North Korea hacked into 63 automated teller machines across the country here in February, stealing user information for nearly 2,500 payment cards and siphoning off cash from at least 28 people.

In 2014, North Korea was also accused of the hack of Sony Pictures for its comedy “The Interview,” which depicts the slow-motion assassination of its leader Kim Jong-un. Some experts, however, expressed doubt about the North’s involvement.

BY LEE SUNG-EUN [lee.sungeun@joongang.co.kr]