The looming nuclear threats from North Korea have temporarily subsided, but the nation’s cyber operations, labeled HIDDEN COBRA, have continued. The United States Computer Emergency Readiness Team (US-CERT) issued an updated version of a joint statement and technical report on behalf of the Department of Homeland Security and the Federal Bureau of Investigation. The original statement came in June.
The statement says that North Korea’s botnet infrastructure continues to operate and is targeting “media, aerospace, financial, and critical infrastructure sectors in the United States and globally.” The statement summarizes HIDDEN COBRA activity dating back to 2009. It includes two separate technical reports on the Indicators of Compromise as well as a Malware Report that was released yesterday, August 23, 2017. The statement also provides some fairly substantive mitigation strategies. The full statement is included below and can be found here.