North Korea’ Hidden Cobra group behind eight years of hacks, says US

CERT-LatestNews Malware Security News SocialEngineering SymantecNews ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic

Washington, DC: The US government is issuing a rare alert on the activities of a hacking group it dubs “Hidden Cobra,” saying the group is part of the North Korean government and more attacks are likely.

The joint alert from the US Department of Homeland Security and the Federal Bureau of Investigation said on Tuesday that “cyber actors of the North Korean government” had targeted the media, aerospace and financial sectors, as well as critical infrastructure, in the United States and globally.

Up Next

‘We are not winning in Afghanistan’ – US Defence Secretary


Video duration

More World News Videos

North Korea war would be ‘catastrophic’: Mattis

US Defence Secretary James Mattis says a conflict in North Korea would be the ‘worst kind of fighting in most people’s lifetimes.’

North Korea has routinely denied involvement in cyber attacks against other countries. The North Korean mission to the United Nations was not immediately available for comment.

The alert said Hidden Cobra has compromised a range of victims since 2009 and that some intrusions had resulted in thefts of data while others were disruptive. The group’s capabilities include denial of service attacks, which send reams of junk traffic to a server to knock it offline, keyloggers, remote access tools and several variants of malware, the alert said.

Hidden Cobra commonly targets systems that run older versions of Microsoft Corp operating systems that are no longer patched, the alert said.

North Korean hacking activity has grown increasingly hostile in recent years, according to Western officials and cyber security experts.

North Koreans are dwarfed by giant portraits of the late North Korean leaders Kim Il Sung and Kim Jong Il in Wonsan, ... North Koreans are dwarfed by giant portraits of the late North Korean leaders Kim Il Sung and Kim Jong Il in Wonsan, North Korea.  Photo: AP

The cyber firm Symantec Corp said last month it was “highly likely” that a hacking group affiliated with North Korea called Lazarus Group was behind the WannaCry cyber attack that infected more than 300,000 computers worldwide, disrupting operations at hospitals, banks and schools.

Tuesday’s alert said Hidden Cobra’s cyber attacks have been previously referred to by private sector experts as Lazarus Group and Guardians of the Peace, which have been linked to attacks such as the 2014 intrusion into Sony Corp’s Sony Pictures Entertainment.

North Korean leader Kim Jong-un. North Korean leader Kim Jong-un.  Photo: AP