The US government issued a warning about a rare piracy operation going on in North Korea last eight years.
He presented the joint FBI report and the Homeland Security Department details on the US “DeltaCharlie”, a malicious program used by the Hidden Cobra group of piracy to infect hundreds of thousands of computers across the World as part of a DOS botnet network.
The report says that the hidden group cobras of the pirates are suspected of being backed by the North Korean government, as they are known to have launched electronic attacks against global organizations, including media organizations, space And the financial sector and vital infrastructure.
While the US government described the North Korean hacking group, often known as Lazarus, a peace and security group – allegedly linked to the risk of Wanna cry Ransomware being destroyed by hospitals and the world.
Deltacharlie – botnet DDoS malware
Agencies identified Ibb addresses with “high confidence” related to “Deltacharlie” – a DOS utility that is supposed to take in the FBI that North Korea used to launch distributed service (DoS) attacks against its objectives.
Deltacharlie able to launch a variety of DDoS attacks on its objectives, including DNS (Design) attacks, Network Protocol (NNTP) attacks, and Character Generation Protocols (SGB).
Malware Botnet able to download executable files on infected systems, and update their own binaries, and change their real-time configuration, and terminate its operations, enable and terminate DDoS attacks.
However, the Malware Deltacharlie DOS is not new.
It was reported Deltacharlie initially by Novia in 2016 process Blockbuster report malware [PDF], which described this as a third of the malicious robots of the North Korean hacking group after the Delta Alpha & DeltaBravo.
Other malicious software that uses hidden cobras Zovr, wild or Bosiron bulldozer, and hangman with advanced features, including Botnets Back, Keyloggers, Remote Access Tools (Ratz), Malware Doormat.
Cobra Preferred Hidden Vulnerabilities
Since 2009, hidden Cobras usually work on older versions running and are not supported by Microsoft operating system systems, typically exploit vulnerabilities in Adobe Flash Player to get the first Focusing on the victim’s machine.
These are known vulnerabilities that affect different applications that are exploited normally hidden Cobra:
- Hangul Mot Brosissour Boge (palm-2015-6585)
- Microsoft fault Sylvrli (palm-2015-8651)
- Adobe Flash Player 220.127.116.114 and 19.x Vollnerapeleta (palm-2016-0034)
- Adobe Flash Player 18.104.22.168 vulnerabilities (Palm-2016-1019)
- Adobe Flash Player 22.214.171.124 vulnerabilities (Palm-2016-4117)
The way to defend against such attacks is easier to always keep your operating system and install the software and applications to this day, and protect your network assets behind the firewall.
Since Adobe Flash Player vulnerable to most attacks and only today, the company patched nine vulnerabilities in the drive it is advisable to update or remove completely from your computer.
The Federal Bureau of Investigation provided (FBI) and DS (DS) Most compromise indicators (UK) and malicious signing network descriptions as well as host-based rules (Yara) Rules To try to help defenders detect activities undertaken by piracy sponsored by a Korean state group.
“If users or supervisors reveal personalized tools that indicate hidden cobras, these tools should be reported immediately and notified to the National Cybersecurity Integration Communications and Integration Center (nSix) or the Federal Bureau of Investigation (Seppi et al. H) (Cioach), and give priority to the promotion of mitigation, “the alert reads as follows.
In addition, agencies have also provided a long list of mitigation measures for users and network administrators, which you can follow here.