The United States government has released a rare alert about an ongoing, eight-year-long North Korean state-sponsored hacking operation.
The joint report from the FBI and U.S. Department of Homeland Security (DHS) provided details on “DeltaCharlie,” a malware variant used by “Hidden Cobra” hacking group to infect hundreds of thousands of computers globally as part of its DDoS botnet network.
According to the report, the Hidden Cobra group of hackers are believed to be backed by the North Korean government and are known to launch cyber attacks against global institutions, including media organizations, aerospace and financial sectors, and critical infrastructure.
While the US government has labeled the North Korean hacking group Hidden Cobra, it is often known as Lazarus Group and Guardians of Peace – the one allegedly linked to the devastating WannaCry ransomware menace that shut down hospitals and businesses worldwide.
DeltaCharlie – DDoS Botnet Malware
The agencies identified IP addresses with “high confidence” associated with “DeltaCharlie” – a DDoS tool which the DHS and FBI believe North Korea uses to launch distributed denial-of-service (DDoS) attacks against its targets.
DeltaCharlie is capable of launching a variety of DDoS attacks on its targets, including Domain Name System (DNS) attacks, Network Time Protocol (NTP) attacks, and Character Generation Protocol (CGP) attacks.
The botnet malware is capable of downloading executables on the infected systems, updating its own binaries, changing its own configuration in real-time, terminating its processes, and activating and terminating DDoS attacks.
However, the DeltaCharlie DDoS malware is not new.
DeltaCharlie was initially reported by Novetta in their 2016 Operation Blockbuster Malware Report [PDF], which described this as the third botnet malware from the North Korean hacking group, after DeltaAlpha and DeltaBravo.
Source: The Hacker News