North Korean malware still lurks in computers worldwide

North Korean leader Kim Jong Un. Reuters

The FBI and the Department of Homeland Security have released an alert saying the government of North Korea appears to have been using malware to home in on the telecommunications, finance and aerospace sectors since 2016, ZDNet reported Tuesday.

The DHS Computer Emergency Response Team said some networks could be infected with the Volgmer "backdoor Trojan", which gives hackers complete control of a computer system.

U.S. officials earlier this year blamed the group for a series of cyberattacks dating back to 2009, saying it was linked to the Pyongyang government.

FALLCHILL allows Hidden Cobra to issue commands to a victim's server through dual proxies, which means it can potentially perform actions like retrieving information about all installed disks, accessing files, modifying file or directory timestamps and deleting evidence that it has been on the infected server.

"Hidden Cobra actors use an external tool or dropper to install the Fallchill malware-as-a-service to establish persistence".

United States officials told AFP that a hacker group called "Hidden Cobra", also known as "Lazarus", has the ability to "maintain a presence on victims' networks" with the aim of "further network exploitation".

While North Korea's cyber espionage efforts were once dismissed by many security experts, the success of Hidden Cobra over the last few years has changed that perception, and it is now seen as a serious threat because it is able to do a lot of damage at a relatively low cost.

"Some intrusions have resulted in the exfiltration of data while others have been disruptive in nature", the report added.