PYONGYANG (dpa-AFX) - US authorities have issued an alert that the North Korean government has deployed a malware targeting computer networks of critical infrastructure sectors in the United States and globally.
A pair of joint technical alerts from the FBI and Department of Homeland Security says a remote administration tool (RAT) called FALLCHILL has been deployed by the so-called 'Hidden Cobra' hacker group since 2016 to target the American aerospace, telecommunications, automotive, media and finance industries.
DHS said the North Korean cyber attack is part of a long-term campaign of cyber-enabled operations that impact the U. S. Government and its citizens.
The internal security authorities said they are working closely with inter-agency, industry and international partners to address shared cyber threats targeting the networks and systems of US and its allies.
FALLCHILL allows Hidden Cobra to issue commands to a victim's server by dual proxies, which means it can potentially perform actions like retrieving information about all installed disks, accessing files, modifying file or directory timestamps and deleting evidence that it's been on the infected server.
The FBI and DHS posted a list of IP addresses linked to Hidden Cobra. The FBI says it 'has high confidence' that those IP addresses are linked to attacks that infect computer systems with Volgmer, a Trojan malware variant used by Hidden Cobra to exploit data on victims' networks.
DHS and FBI are distributing these IP addresses to enable network defense and reduce exposure to any North Korean government malicious cyber activity.
Users or administrators who detect activity associated with the FALLCHILL malware have been advised to immediately flag it, and report to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch).
Copyright RTT News/dpa-AFX