Homeland Security Details North Korean Hackers aka HIDDEN COBRA Cyber Threats and Hacking Activities – Offers Reward
The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued alert AA20-106A, offering guidance as well as a $5 million USD reward for information on North Korean hackers. The alert is a joint bulletin from the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation (FBI).
The four federal agencies issued a comprehensive list of past and current North Korean cybercrimes and hacking activities. North Korea has repeatedly targeted government and military IT networks belonging to the United States as well as other nations. They also attack private organizations including financial institutions and critical infrastructure sectors to steal money, conduct corporate espionage, and carry out disruptive cyberattacks. US and United Nations (UN) economic sanctions cause North Korea to steal money through cyberwarfare to fund their operations.
State-sponsored hackers from the Democratic People’s Republic of Korea (DPRK), commonly referred to as North Korea, are an Advanced Persistent Threat (APT) group the U.S. government refers to as HIDDEN COBRA. North Korean hackers carry out cybercrimes to generate revenue for North Korean operations and programs. HIDDEN COBRA deploys hackers, cryptologists, and software developers who use phishing emails and malware to conduct cyber espionage, steal money from financial institutions and cryptocurrency exchanges, and conduct politically motivated operations.
Department of State Rewards for Justice
The Department of the Treasury’s Office of Foreign Assets Control (OFAC) can impose sanctions on any person or institution that has undermined cyber security by working with North Korea, HIDDEN COBRA, or the Workers’ Party of Korea. OFAC can also impose sanctions on anyone who has operated in the IT industry in North Korea or engaged in malicious cyber activities. Of course, because of US and UN sanctions, no one can import any goods, services, or technology from North Korea or export them to it.
Anyone can anonymously report information about North Korean hackers or the people who work with them, including their activities and whereabouts. Rewards of up to $5 million USD are available for information on past or current activity. To report HIDDEN COBRA threats, visit the Department of State’s Rewards for Justice program website at www.rewardsforjustice.net.
Cyber Attacks Attributed to North Korea’s HIDDEN COBRA
Australia, Canada, New Zealand, the United States, and Britain blamed HIDDEN COBRA for the 2017 WannaCry 2.0 ransomware attack on Windows computers. Denmark and Japan also issued “supporting statements.” WannaCry ransomware locked up hundreds of thousands of computers around the world. The cyberattack exploited a known vulnerability in Microsoft Windows computers. The entire British healthcare system was crippled by WannaCry. Months beforehand, Microsoft had already issued a security update, but any machine that was left unpatched could be compromised.
North Korean hackers, referred to as HIDDEN COBRA, primarily target financial sector organizations to steal money through theft, money laundering, extortion, and cryptojacking. The US federal government has publicly attributed the following cyber incidents to DPRK state-sponsored hackers, HIDDEN COBRA, and co-conspirators.
- Sony Pictures Data Breach – A retaliatory cyberattack for Sony’s film “The Interview.” Hackers stole confidential data, threatened Sony employees, and damaged computers.
- Bangladesh Bank Heist – Hackers used spear phishing emails to compromise the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network and stole $1 billion from financial institutions globally and $81 million from Bangladesh Bank.
- WannaCry 2.0 ransomware
- FASTCash Campaign – HIDDEN COBRA used malware to steal tens of millions of dollars from ATMs in Asia and Africa. In 2017, HIDDEN COBRA hackers withdrew cash from ATMs in over 30 countries simultaneously. They did it again in 2018, this time withdrawing cash from ATMs in 23 countries.
- Digital Currency Exchange Hack – HIDDEN COBRA hacked into a digital currency exchange and stole about $250 million worth of digital currency. Two Chinese nationals and co-conspirators were indicted for money laundering.
The United States also seeks to enhance the capacity of foreign governments and the private sector to understand, identify, defend against, investigate, prosecute, and respond to DPRK cyber threats and participate in international efforts to help ensure the stability of cyberspace.