The US government is issuing a rare alert on the activities of a hacking group it dubs “Hidden Cobra,” saying the group is part of the North Korean government and more attacks are likely.
The joint alert from the US Department of Homeland Security and the Federal Bureau of Investigation said on Tuesday that “cyber actors of the North Korean government” had targeted the media, aerospace and financial sectors, as well as critical infrastructure, in the United States and globally.
North Korea has routinely denied involvement in cyber attacks against other countries. The North Korean mission to the United Nations was not immediately available for comment.
The alert said Hidden Cobra has compromised a range of victims since 2009 and that some intrusions had resulted in thefts of data while others were disruptive. The group’s capabilities include denial of service attacks, which send reams of junk traffic to a server to knock it offline, keyloggers, remote access tools and several variants of malware, the alert said.
Hidden Cobra commonly targets systems that run older versions of Microsoft Corp operating systems that are no longer patched, the alert said.
North Korean hacking activity has grown increasingly hostile in recent years, according to Western officials and cyber security experts.
The cyber firm Symantec Corp said last month it was “highly likely” that a hacking group affiliated with North Korea called Lazarus Group was behind the WannaCry cyber attack that infected more than 300,000 computers worldwide, disrupting operations at hospitals, banks and schools.
Tuesday’s alert said Hidden Cobra’s cyber attacks have been previously referred to by private sector experts as Lazarus Group and Guardians of the Peace, which have been linked to attacks such as the 2014 intrusion into Sony Corp’s Sony Pictures Entertainment.