US says North Korean malware lurking in computer networks

November 15, 2017

US authorities said Tuesday malware developed in North Korea is still lurking in many computer networks, giving hackers backdoor access to government, financial, automotive and media organizations.

An alert issued by the Department of Homeland Security warned of surreptitious activity by the so-called "Hidden Cobra" group, also known by the name "Lazarus."

US officials earlier this year blamed the group for a series of cyberattacks dating back to 2009, saying it was linked to the Pyongyang government.

In Tuesday's warning, the DHS Computer Emergency Response Team (CERT) said the hacker could still maintain a presence on victims' networks with the aim of "further exploitation."

The said some networks could be infected with the Volgmer "backdoor Trojan" or a remote administration tool known as Fallchill, which can give hackers complete control of a system.

It said FBI investigators suspect the Fallchill tool has been used since 2016 and Volgmer since 2013.

Private security analysts refer to Hidden Cobra as the "Lazarus" group of hackers linked to North Korea and likely behind a series of multimillion-dollar cyber thefts from banks around the world.

Some analysts say the Lazarus group may also have been behind the WannaCry ransomware outbreak earlier this year.

Hackers in the Hidden Cobra or Lazarus group have been active since 2009 and "have leveraged their capabilities to target and compromise a range of victims," according to a DHS report in June.

"Some intrusions have resulted in the exfiltration of data while others have been disruptive in nature."

DHS and FBI officials say the group "will continue to use cyber operations to advance their government's military and strategic objectives," according to the DHS report.

North Korea has denied orchestrating any cyber attacks, but the latest report comes amid rising tensions with the United States over the communist regime's nuclear testing program.

Explore further: US blames North Korea for series of cyberattacks

Related Stories

US blames North Korea for series of cyberattacks

June 14, 2017

U.S. officials are blaming the North Korean government for a series of cyberattacks dating to 2009 against media, aerospace, financial sectors and infrastructure in the United States and around the world.

North Korea gets second web connection via Russian firm

October 5, 2017

A state-owned Russian company has opened up a second internet connection for North Korea which could strengthen Pyongyang's cyber capabilities and undermine US efforts to isolate the regime, security experts said.

Recommended for you

FCC votes along party lines to end 'net neutrality' (Update)

December 14, 2017

The Federal Communications Commission repealed the Obama-era "net neutrality" rules Thursday, giving internet service providers like Verizon, Comcast and AT&T a free hand to slow or block websites and apps as they see fit ...

US faces moment of truth on 'net neutrality'

December 14, 2017

The acrimonious battle over "net neutrality" in America comes to a head Thursday with a US agency set to vote to roll back rules enacted two years earlier aimed at preventing a "two-speed" internet.

The wet road to fast and stable batteries

December 14, 2017

An international team of scientists—including several researchers from the U.S. Department of Energy's (DOE) Argonne National Laboratory—has discovered an anode battery material with superfast charging and stable operation ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.