Cyber Risk

U.S. warns again on hacks it blames on North Korea

(Reuters) - The U.S. government on Tuesday released an alert with technical details about a series of cyber attacks stretching back to at least 2009 that it blamed on the North Korean government.

A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

The warning is the third from the Department of Homeland Security and the Federal Bureau of Investigation about hacking operations dubbed “Hidden Cobra” that the United States charges were launched by Pyongyang.

A representative with Pyongyang’s mission to the United Nations declined comment. North Korea has routinely denied involvement in cyber attacks against other countries.

The report was published as U.S. and North Korean negotiators work to resuscitate plans for a possible June 12 summit between leaders of the two nations. The FBI and DHS released reports in June and November of 2017, when relations were tense between Washington and Pyongyang due to North Korea’s missile tests.

A Department of Homeland Security official said the U.S. government is confident North Korea’s government is behind the cyber operations, which it says target the media, aerospace and financial sectors and critical infrastructure in the United States and around the globe.

“The United States takes attribution seriously and does not make this conclusion lightly,” the official said in an emailed statement.

Tuesday’s alert did not identify specific victims, though it cited a February 2016 report from several security firms that blamed the same group for a 2014 cyber attack on Sony Pictures Entertainment.

The alert provided a list of 87 IP addresses, four malicious files and two email addresses it said were associated with “Hidden Cobra.”

It described two pieces of malicious software: the self-spreading “worm” Brambul that attackers use to infect computers and malware known as Joanap, which gives hackers remote control of devices so they can steal data, install additional viruses and perform other tasks.

Hidden Cobra has used Brambul and Joanap for several years, making little change to the malware over that period, said Vikram Thakur, a senior researcher with cyber security firm Symantec Corp.

The alert could prompt the attackers to change tactics, Thakur said. “Such activity normally forces attacker groups to expend considerable resources to develop and move away from publicly known malware behavior.

Reporting by Jim Finkle in Toronto; Additional reporting by Rodrigo Campos in New York; Editing by Leslie Adler and Chris Reese