On June 13, 2017, the Department of Homeland Security published an alert regarding malicious cyber activity by the North Korean government, known as Hidden Cobra. Per the DHS and FBI, Hidden Cobra uses cyber operations to the government and military's advantage by exfiltrating data and causing disruptive cyber intrusions. Potential impacts of a Hidden Cobra attach can include "temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization's reputation." The DHS publication outlines ways to detect and protect against the malicious activity and suggests that organizations work to upgrade and/or remove older Microsoft operating systems and older versions of Adobe Flash Player, Microsoft Siverlight, and Hangul Word Processor. Further, organizations should review and block all IP addresses listed in the "indicators of compromise" list provided, review and enforce incident response plans, and contact the DHS and FBI to report any potential Hidden Cobra intrusions. The full DHS publication can be found here. We suggest that IT departments carefully review the full alert and take any steps possible to mitigate risk to the organization.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
