The U.S. Computer Emergency Readiness Team issued two alerts Nov. 14, warning organizations to monitor their network systems for attacks known collectively as Hidden Cobra, which are deployed by the North Korean government.
The technical alert was issued as a joint effort between the Department of Homeland Security and the FBI. It says that since 2016, a remote administration tool — dubbed FALLCHILL — has been used by Hidden Cobra to issue commands to a victim's server that enable it to confiscate the information on all installed disks, access files and delete any evidence that it accessed the server. It typically targets the aerospace, telecommunications and finance industries.
The FBI and DHS posted a list of IP addresses — the numeric designations that identify users' locations on the internet — that they believe are linked to Hidden Cobra.
The agencies added they have "high confidence" those addresses are correlated with attacks that infected computers with Volgmer, a Trojan malware variant also linked to Hidden Cobra.