The FBI and the Department of Homeland Security issued a warning this week, saying the cyberattacks were carried out by actors within the North Korean government who are known as "Hidden Cobra". In particular, the NTP and DNS DDoS attacks seen in Hidden Cobra (DeltaCharlie) are among the most common types of DDoS attacks, as noted in our Incapsula Q1 DDoS report.
The North Korean government is very good at hacking, and it is targeting media, aerospace, and financial companies in the United States.
The US Department of Homeland Security and the Federal Bureau of Investigation made a joint statement on Tuesday, reports Reuters, in which they said the perpetrators of the attacks are "cyber actors of the North Korean government" who target computers running older unpatched versions of Microsoft Windows. The statement also advises: "If Adobe Flash or Microsoft Silverlight is no longer required, we recommend that those applications be removed from systems". The Lazarus Group is commonly blamed for the Sony Pictures hack and the WannaCry ransomware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Wild Positron/Duuzer, and Hangman. Per the DHS and FBI, Hidden Cobra conducts cyber operations for the benefit of the government and military, exfiltrating data and carrying out disruptive cyber intrusions.
Primarily, the joint report raises awareness about the North Korean group's cyberweapons and capabilities so defenders can detect and disrupt attacks.
"DeltaCharlie is a DDoS tool capable of launching Domain Name System attacks, Network Time Protocol attacks, and Character Generation Protocol attacks", according to the US-CERT bulletin.
According to US authorities, North Korean hackers used malware dubbed DeltaCharlie to control a DDoS botnet, which they in turn leveraged to conduct widespread attacks.
Microsoft said it believes there was a potential risk of nation-state attackers exploiting 15 specific vulnerabilities, three of which are seven or more years old. "The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation".