DHS, FBI describe North Korea's use of FALLCHILL malware

15 November 2017

The technical alert from the Federal Bureau of Investigation and Department of Homeland Security says a remote administration tool (RAT) called FALLCHILL has been deployed by Hidden Cobra since 2016 to target the aerospace, telecommunications and finance industries.

US-CERT, the Department of Homeland Security team responsible for analyzing cybersecurity threats, has posted a warning about cyber attacks by the North Korean government, which it collectively refers to as "Hidden Cobra". The tools appear to target the financial, aerospace, and media industries and other critical infrastructure sectors in the United States and globally.

FALLCHILL, the alert said, is controlled from a command and control (C2) server, with commands reaching a victim's system through multiple proxies that obfuscate the network traffic.

"Fallchill typically infects a system as a file dropped by other Hidden Cobra malware or as a file downloaded unknowingly by users when visiting sites compromised by Hidden Cobra actors", the advisory reads.

The alert said FBI investigators suspect the Fallchill tool has been used since 2016 and Volgmer since 2013. The agencies warned of "severe impacts" from successful intrusions, including the loss of proprietary information and operational disruptions.

In terms of operation, Fallchill allows the malicious actors to retrieve information about all installed disks; create, start and terminate new processes and their primary thread; read, search, write, move and execute files; access and modify file or directory timestamps; change the directory for a process or file; and delete malware and related artifacts from the infected system.