Updated 11:29 AM EDT, Tue, Jun 16, 2020

Make CT Your Homepage

North Korea Behind Many of the Devastating Cyberattacks since 2009, says US

Getting badder

(Photo : Getty Images) North Kore is definitely behind the WannaCry ransomware attack.

The United States is squarely blaming North Korea for a string of devastating worldwide cyber attacks extending back to 2009, including the most recent, the global WannaCry ransomware attack last May, and the cyber break-in at Sony Pictures in the U.S. in 2014.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation said North Korea will continue to rely on cyber operations to advance its military and strategic objectives, and warned that more cyberattacks by North Korea will be launched in the future.

Like Us on Facebook

As a result, the federal government has issued a rare joint alert squarely blaming the North Korean government for the attacks dating back to 2009.

The joint alert said "cyber actors of the North Korean government," given the name "Hidden Cobra" by the report, had targeted aerospace firms, financial firms, the media and critical infrastructure in the United States and around the world.

Hidden Cobra was previously called the Lazarus Group and Guardians of the Peace by western cyber investigators.

Two cyber security firms, Symantec Corporation from the U.S. and Kaspersky Lab from Russia both said it was "highly likely" Lazarus (now Hidden Cobra) was behind the WannaCry ransomware attack that infected more than 300,000 computers worldwide, and disrupted operations at banks, schools and hospitals.

Cyber security experts note that North Korean hacking activity is becoming increasingly hostile. This was evident in the case of the WannaCry ransomware attack.

The attack targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments ranging from $300 to $600 in the Bitcoin cryptocurrency. It began on May 12 and within a day was reported to have infected more than 230,000 computers in over 150 countries.

Hidden Cobra commonly targets systems that run older versions of Microsoft's Windows operating system such as Windows 7 that are no longer patched. It also uses Adobe Flash player vulnerabilities to gain access into targeted computers.

Hidden Cobra's capabilities include denial of service attacks (DoS), which send a flood of junk traffic to a server to knock it offline; keyloggers; remote access tools and several variants of malware. The U.S. said Hidden Cobra compromised a range of victims.

Real Time Analytics