Date
23 November 2017
North Korean hackers were allegedly using a type of malware known as “FALLCHILL” to gain entry to computer systems and compromise network systems. Photo: LinkedIn.com

US issues technical alert on ‘North Korea cyber attacks’

The US government issued a technical alert about cyber attacks it said are sponsored by the North Korean government that have targeted the aerospace, telecommunications and financial industries since 2016.

The alert, from the FBI and Department of Homeland Security, said North Korean hackers were using a type of malware known as “FALLCHILL” to gain entry to computer systems and compromise network systems, Reuters reports.

The FBI and DHS had issued a warning in June that squarely blamed the North Korean government for a raft of cyber attacks stretching back to 2009 targeting media, aerospace and financial sectors, as well as critical infrastructure, in the United States and globally.

Tuesday’s alert included the publication of IP addresses the FBI said were linked to the hacking campaign and was intended to help private industry guard against the attacks.

The FALLCHILL malware was described as providing hackers with wide latitude to monitor and disrupt infected systems.

The malware typically gained access to systems as a file sent via other North Korean malware or when users unknowingly downloaded it by visiting sites compromised by the hackers.

The new alert coincides with increasing tensions between Washington and Pyongyang over North Korea’s missile tests. The previous warning, in June, said that North Korea would continue to rely on cyber operations to advance its military and strategic objectives.

North Korea has routinely denied involvement in cyber attacks against other countries.

Meanwhile, about 15 percent of US government agencies have detected some trace of Russian company Kaspersky Lab’s software on their systems in a review prompted by concerns the antivirus firm is vulnerable to Kremlin influence, a security official told Congress.

Jeanette Manfra, assistant secretary for cyber security at the Department of Homeland Security, said that 94 percent of agencies had responded to an order to survey their networks to identify any use of Kaspersky Lab products and to remove them.

Manfra on Tuesday told a US House of Representatives panel the DHS did “not currently have conclusive evidence” that any networks had been breached because of their use of Kaspersky software.

The administration of President Donald Trump ordered civilian US agencies in September to remove Kaspersky Lab from their networks. US officials are concerned that the company’s anti-virus software could be used by Russian intelligence agencies to spy on the US government.

The decision represented a sharp response to what US intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponized the internet in an attempt to influence its outcome.

Kaspersky Lab has repeatedly denied that it has ties to any government and said it would not help a government with cyber espionage. Moscow has denied that it sought to interfere in the 2016 US presidential election.

The September DHS order required civilian agencies to identify any use of Kaspersky Lab products within 30 days and to discontinue their use within 90 days.

Ninety-six of 102 federal agencies have reported to DHS on whether they have found Kaspersky Lab software on their networks, Manfra told the oversight subcommittee of the House Science, Space and Technology Committee.

DHS is working with the remaining six “very small” agencies to assess their networks, Manfra said. She did not name the agencies that detected Kaspersky Lab products or those that were still auditing their systems.

The government was generally complying with the directive to remove the software, Manfra said.

She told lawmakers it was possible the action against Kaspersky Lab could prompt litigation, but she did not elaborate.

Asked if the company is considering suing the US government, a spokeswoman for Kaspersky Lab said in a statement that the company “continues to consider all possible options”.

The company’s products generally appeared to land on US government networks through larger technology purchases that included Kaspersky Lab products as pre-bundled software, making it more difficult to track, according to Manfra and other officials who testified on Tuesday.

Kaspersky Lab has said previously that its footprint in the US federal government market was minimal.


CG
