North Korea’s DDoS Botnet Infrastructure
Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. DHS and the FBI assess that Hidden Cobra actors will continue to use cyber operations to advance their government’s military and strategic objectives.
Tools and capabilities used by Hidden Cobra actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware.
The hack commonly targets systems running older, unsupported versions of Microsoft operating systems. The multiple vulnerabilities in these older systems provide targets for exploitation. Adobe Flash player vulnerabilities have also been used to gain entry into compromised networks.
What should I do?
These are the known vulnerabilities used to exploit this vulnerability:
- CVE-2015-6585: Hangul Word Processor Vulnerability
- CVE-2015-8651: Adobe Flash Player 22.214.171.1244 and 19.x Vulnerability
- CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
- CVE-2016-1019: Adobe Flash Player 126.96.36.199 Vulnerability
- CVE-2016-4117: Adobe Flash Player 188.8.131.52 Vulnerability
We recommend organizations upgrade these applications to the latest version and patch level. If Adobe Flash or Microsoft Silverlight is no longer required, we recommend that those applications be removed from systems.
Further details can be found here.
Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.