Thailand’s Computer Emergency Response Team (ThaiCERT) has seized a server operated by the North Korea-linked Hidden Cobra APT, which is used to control the global GhostSecret espionage campaign. The campaign is still ongoing.
ThaiCERT said in an alert on Wednesday that it is working with McAfee and law enforcement to analyze the control server, which was located at Thammasat University in Bangkok. Researchers said that the server has the same IP address as the one used in the infamous 2014 Sony Pictures hack, known to be linked to Hidden Cobra (a.k.a. the Lazarus Group) and North Korea.