Two joint technical alerts issued by the Department of Homeland Security and the FBI through the U.S. Cybersecurity Emergency Readiness Team shine some light on tools and infrastructure used by North Korea to attack U.S. media, aerospace, financial services, critical infrastructure and government networks.
The alerts explain some of the operational aspects of North Korea’s “Hidden Cobra” malicious cyber activity, which the two agencies brought to light last June.
The two latest warnings include a list of IP addresses that have targeted government, media, aerospace, financial and critical infrastructure sectors, as well as a remote administration tool called FALLCHILL, which is used by the North Korean government to control malware that has already infiltrated targeted servers.
