An extremely rare alert was issued by the U.S. Government on Tuesday June 12th, 2017.   Malicious cyber activity by the North Korean Government code named "HIDDEN COBRA" has been occurring since 2009.

 

 

The FBI and Department of Homeland Security (DHS) has identified a very long list of IP addresses that are associated with malware known as DeltaCharlie.   This malware is targeting nations critical infrastructure such as the water supply and electrical grids. It is also targeting financial, media and aerospace businesses.

Hidden cobra actors are commonly targeting older, unsupported versions of Microsoft operating systems.  Once they infect the machine they are then used to launch a distributed denial of service (DDOS) attack against their victim.  Hidden cobra gets in to your system though the following exploits:

  • CVE-2015-6585: Hangul Word Processor Vulnerability
  • CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability
  • CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
  • CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability
  • CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability

 

What do you do now?

The best approach consists of two parts:

  1. Do everything possible to not allow these bad IP addresses to access your network at the perimeter of your network through your network in your firewall.
  2. Making sure that Adobe Flash Player and Microsoft Silverlight are either patched to the most recent level, or completely uninstalled.

If you are a client of The Best Geeks we are making sure that if you have these products installed, they are updated to the latest level.  If we are using our firewall log artificial intelligence then we are able to block the IP addresses that the FBI and DHS have identified associated with DeltaCharlie.  This is not an easy or simple undertaking, however for those of you that are paying for Firewall as a Service or Network as a Service we are doing this for you as part of our agreement!

If you want to see all of the details of "Hidden Cobra" here is the link you can click from the DHS United States Computer Emergency Readiness Team.

 

On a related topic, numerous news sources have stated that North Korea was behind the WannaCry Ransomware attack in May 2017.  However, there really is no substantial evidence released by either the FBI or DHS.  Come to think about it, recalling my days when I had those two Top Secret clearances, that information would be highly classified and few people would ever really know.

If you are a small business in the Houston area, and want help, we are performing Cybersecurity Audits which also include Ransomware prevention and Recovery.  Recovery is hands down the most important part.  To help the small business owners in our Houston metro area we have reduced our normal fee from $1,495 to $495 we can only do 2 of these per week so you should act fast and either visit our contact-us page, send an email to info@thebestgeeks.com or call us at 281-374-4822.

Stay safe out there!

Rus Bel

Founder/CEO "The Best Geeks"