Both US agencies call the malicious activity "Hidden Cobra", but it is also known as Lazarus Group by security firms. Cyber actors working for the North Korean government are targeting U.S. critical infrastructure sectors such as finance and media. Through the use of a malware called DeltaCharlie, they are able to install DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Hidden Cobra is gaining access to infrastructure by exploiting older versions of Microsoft programs and Adobe Flash vulnerabilities. The latter has long been a security risk, resulting in web browsers turning their back on the dated software. In its alert, the Homeland Security Department and FBI list the exploited software:
CVE-2015-6585: Hangul Word Processor Vulnerability
CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability
CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability
CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability
The varying attacks include data stealing and disruptive malware.
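The practical question the list above raises for defenders is whether any machine in an environment still runs one of the named builds. The following is an added example, not code from the alert or from either agency: it encodes the product/version pairs exactly as the alert lists them and checks a software inventory against them. Two assumptions are made that the alert text itself does not state: a listed version is treated as an upper bound (anything older is flagged too, since the article describes "older versions" being exploited), and "19.x" is read as any 19.* release. The inventory rows are constructed sample data.

```python
"""Flag inventory entries that match the vulnerable builds named in the Hidden Cobra alert.

Added example (not the alert's own code). The CVE/version pairs are copied from the
alert text; the inventory below is constructed sample data.
"""

# (product, version pattern, CVE) as listed in the alert.
# "19.x" is a wildcard for any 19.* release; Hangul Word Processor has no version given,
# so every installed copy is flagged for review.
ALERT_ENTRIES = [
    ("Hangul Word Processor", None, "CVE-2015-6585"),
    ("Adobe Flash Player", "18.0.0.324", "CVE-2015-8651"),
    ("Adobe Flash Player", "19.x", "CVE-2015-8651"),
    ("Microsoft Silverlight", "5.1.41212.0", "CVE-2016-0034"),
    ("Adobe Flash Player", "21.0.0.197", "CVE-2016-1019"),
    ("Adobe Flash Player", "21.0.0.226", "CVE-2016-4117"),
]


def parse_version(version):
    """Turn '21.0.0.197' into (21, 0, 0, 197) so tuples compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def version_matches(installed, pattern, at_or_below=True):
    """Return True if an installed version falls under an alert pattern.

    A trailing 'x' component matches any release sharing the prefix ('19.x').
    With at_or_below=True (an assumption, not stated by the alert) the named
    version is treated as an upper bound: older builds are flagged as well.
    """
    parts = pattern.split(".")
    if parts[-1] == "x":
        prefix = tuple(int(p) for p in parts[:-1])
        return parse_version(installed)[: len(prefix)] == prefix
    named = parse_version(pattern)
    installed_tuple = parse_version(installed)
    return installed_tuple <= named if at_or_below else installed_tuple == named


def check_inventory(inventory):
    """Return sorted (product, version, cve) findings for every inventory row the alert covers.

    One row can match several entries (e.g. Flash 19.x is also older than 21.0.0.197),
    so the CVEs per row are de-duplicated before being reported.
    """
    findings = set()
    for product, version in inventory:
        for alert_product, pattern, cve in ALERT_ENTRIES:
            if product != alert_product:
                continue
            if pattern is None or version_matches(version, pattern):
                findings.add((product, version, cve))
    return sorted(findings)


def run_example():
    """Constructed inventory: two vulnerable Flash builds, one current Flash, one newer Silverlight."""
    sample_inventory = [
        ("Adobe Flash Player", "19.0.0.245"),
        ("Adobe Flash Player", "21.0.0.197"),
        ("Adobe Flash Player", "26.0.0.131"),
        ("Microsoft Silverlight", "5.1.50907.0"),
    ]
    return check_inventory(sample_inventory)


if __name__ == "__main__":
    for product, version, cve in run_example():
        print(f"{product} {version}: covered by {cve}")
```

Running it flags both of the old Flash builds (the 19.x release under three CVEs, the 21.0.0.197 release under two) and leaves the newer Flash and Silverlight rows alone. Feeding it a real inventory means replacing `run_example()`'s list with rows exported from whatever asset-management tool is in use; the comparison logic is independent of the source.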
Microsoft Response
Considering that the version of Microsoft Silverlight being exploited is now unsupported, it is unclear whether the company will issue a patch. Last week, the company took the unprecedented step of patching an unsupported Windows build. The much-loved Windows XP left support in 2014 and is over a decade and a half old. However, a Windows backdoor used by the NSA was leaked, and the now infamous WannaCry malware spread to hundreds of millions of machines worldwide. Microsoft decided to patch all unsupported Windows versions to prevent further exploitation. It is almost unheard of for the company to return to patch an unsupported build.