A cyber alert issued by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) warned against a malicious attack known as "Hidden Cobra" from locations within the Democratic People's Republic of Korea (DPRK).
The Hidden Cobra malware is associated with two better-known purveyors of malicious online activity — Lazarus Group and Guardians of the Peace — which private sector experts have linked to cyber attacks including the 2014 Sony hack, according to Reuters.
The FBI and the DHS detailed that internet protocol (IP) addresses previously associated with malware referred to as "DeltaCharlie," a software tool known to have been used by Pyongyang to run distributed denial-of-service (DDoS) botnet attacks, were associated with Hidden Cobra, according to the alert cited by Korea Times.
"If users or administrators detect the custom tools indicative of HIDDEN COBRA, these tools should be immediately flagged, reported to the DHS National Cybersecurity Communications and Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and given highest priority for enhanced mitigation," the alert said, according to Korea Times.
Cybersecurity experts have begun ringing alarm bells, noting a sharp uptick in malicious online activities from the DPRK.
A cybersecurity analyst with the private company FireEye stated that his firm was on alert due to Pyongyang's increasingly aggressive cyberattacks, including attempted hacks on South Korean finance, energy and transportation networks that give the impression of advance reconnaissance presaging a major attack.
The increased activity from the DPRK "suggests they are preparing for something fairly significant," the analyst said, cited by Japan Times.
Also included in the rare US cyber alert are detailed explanations including indicators of compromise (IOCs), descriptions of the malware, key network signatures to be flagged, and "host-based" rules to assist cyber commandos in identifying, containing and destroying malicious network activities, according to Yonhap.
Cyber experts announced last month that Lazarus was thought to be behind the WannaCry ransomware attack that infected more than 300,000 Windows computers around the globe, describing the connection as "highly likely," according to Reuters.