The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued two joint technical alerts on Tuesday, November 14, 2017. Both alerts pertain to threats from North Korean cyber actors: the remote administration tool (RAT) known as Fallchill and the trojan malware Volgmer. The tools appear to target the financial, aerospace, and media industries and other critical infrastructure sectors in the US and globally.
The North Korean government has engaged in long-term campaigns to target civilian and government systems and networks in the US. US-CERT, which is part of the DHS National Cybersecurity Communications Integration Center (NCCIC), released in August 2017 an analysis of a piece of malware known as DeltaCharlie, which North Korea uses in launching distributed denial of service (DDoS) attacks on companies or other domains. Government agencies refer to cyber actors or specific exploits by code names, and have grouped this suspected North Korean activity under the name Hidden Cobra.
3 tips for network admins regarding Fallchill and Volgmer
- The new alerts for Fallchill and Volgmer include indicators of compromise (IOCs), IP addresses linked to systems infected with Fallchill malware, malware descriptions, and associated signatures. Administrators in critical infrastructure sectors can use these to update their own cyber defenses and network protection.
- It’s a good idea to make sure your organization is taking the risk of spear phishing seriously. This could involve online or in-person training, as well as regular follow-up education and sharing of best practices.
- Small businesses in particular may be unsure whether or how they relate to the 16 designated critical infrastructure sectors. There’s more information available from DHS here and here.