Feds reveal technical details of North Korea's cyber attacks

North Korea has apparently been using malware called FALLCHILL to infiltrate aerospace and telecom networks.
Mariella Moon, @mariella_moon
November 14, 2017
North Korea has been running a hacking campaign targeting aerospace, telecommunications and financial industries in the US since 2016, according to alerts issued by the government. Homeland Security and the FBI have released the technical details of what they say are North Korean-sponsored cyber attacks in an effort to help companies protect themselves. The alerts contain IP addresses associated with Volgmer, one of the backdoor Trojans the hackers have been using for years.

They also contain info on FALLCHILL, malware that North Korean hackers have reportedly been using to compromise networks in the aforementioned sectors. FALLCHILL gets onto a computer when a user visits an infected website and unwittingly downloads it. It can also arrive as a secondary payload delivered by other malware that had already infected the system. Once it's in, FALLCHILL can retrieve info, as well as execute, terminate and move processes and files. The malware can also clean up after itself, making its presence hard to detect.

According to the feds, both Volgmer and FALLCHILL are part of North Korea's "Hidden Cobra" program, which was created to deploy cyber attacks against enemy states. The US government had already issued a warning about Hidden Cobra earlier this year, claiming that it's been infiltrating media, financial, aerospace and critical infrastructure sectors in the US and around the globe since 2009.

If the name doesn't exactly sound familiar, it's because the hackers behind it are apparently more widely known as the Guardians of Peace -- the group that claimed responsibility for the massive Sony Pictures hack in 2014 -- and the Lazarus Group. North Korea, however, continues to deny all the hacking allegations thrown at it, including the attack on Sony Pictures and the theft of blueprints for F-15 fighter jet wings from South Korea's computers.
