How North Korea is hacking companies and governments

The U.S. federal government has revealed new information regarding two viruses it says North Korea is definitely using to attack companies and governments.

The Department of Homeland Security (DHS) and the FBI issued joint alerts on Tuesday warning about two types of malware, or malicious software, that North Korean hackers are allegedly using against organizations across industries such as aviation, finance, telecoms and media.

One of them, known as FALLCHILL, has likely been in use since 2016 and allows hackers to monitor and control infected computers remotely. It commonly spreads through files dropped by other malware or when users inadvertently download it by visiting websites that are already infected.

In addition, it uses multiple layers of “proxy malware,” according to the DHS and FBI, that allow it to disguise its origin and make the hackers harder to trace.

The other kind of malware, Volgmer, infects computers through a technique known as spear phishing, where users get an apparently legitimate email with a web link that then spreads the virus. North Korean hackers have been using Volgmer since at least 2013, the U.S. authorities said.

Pyongyang has repeatedly denied involvement in any international cyberattacks.

The FBI and DHS said both types of malware are associated with HIDDEN COBRA, a term the U.S. federal government uses to refer to “malicious cyber activity by the North Korean government.”

The security agencies said in June this year that HIDDEN COBRA — which includes groups such as Lazarus and Guardians of Peace that have been linked to previous attacks — has been operating since 2009.

The DHS and FBI also discovered dozens of IP addresses across several countries through which they believe Volgmer attacks are being routed. India accounts for the biggest share of the IP addresses, with around 25%, followed by Iran and Pakistan.

“This highlights the necessity for nations to protect their infrastructure, not only for their own sake but also to ensure they don’t become a pawn in somebody else’s war game,” explained Subramanian Udaiyappan, a cybersecurity consultant with Cisco (CSCO, Tech30) in India.

“Attackers persist with their already exploited infrastructure and tend to re-use it; this means India could turn into an unwilling perpetrator of additional such attacks if action isn’t taken immediately,” he added.

North Korea has been linked to many of the most high-profile cyberattacks recently, including a $101 million theft from Bangladesh’s central bank in 2016, disruptions to neighbor South Korea’s systems on multiple occasions and a 2014 hack on motion picture studio Sony Pictures.

More recently, the authoritarian regime was accused of being behind the WannaCry ransomware attack in May that crippled thousands of computers all over the world. A lawmaker in South Korea also claimed fourteen days ago that North Korean hackers stole blueprints for South Korean warships and submarines.