Feds Reveal Hidden Cobra’s Trove of Espionage Tools
2020-05-13 13:19

The U.S. Department of Homeland Security and Federal Bureau of Investigation have exposed what they say are hacking tools used by the North Korean-sponsored APT group Hidden Cobra.

The tools included in the documentation allow Hidden Cobra to perform nefarious tasks such as remotely taking over systems and stealing information, as well as installing spyware on targeted systems to perform espionage activities.

This piece of malware can download, upload, delete and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration, according to US-CERT. The U.S. authorities have had Hidden Cobra in their crosshairs for a number of years and have been tracking the activities of the group, which typically targets financial institutions.

In 2017, US-CERT first warned that it believed North Korean attackers were targeting U.S. businesses with malware- and botnet-related attacks, in a campaign it identified as Hidden Cobra.

Last year, Hidden Cobra struck again, using a never-before-seen spyware variant called Hoplight to target U.S. companies and government agencies in active attacks.


News URL

https://threatpost.com/feds-publish-malware-analysis-of-hidden-cobra/155686/