US blames North Korea for Fallchill trojan

Fallchill RAT was created by Hidden Cobra group, claim security agencies

The FBI and US Department of Homeland Security have issued a joint warning related to several IP addresses infected with the Fallchill remote access trojan (RAT), an alleged North Korean cyber weapon.

According to the alert, the Fallchill malware has been targeting the aerospace, telecommunications and finance industries since 2016. Once an infection has taken hold, the threat actors behind it can issue multiple commands from command and control (C2) servers while obfuscating their identities behind a number of proxies.

The agencies claim to have linked Fallchill to a group they call Hidden Cobra, which is said to be a North Korean state-sponsored operation that has been active since 2009 and is behind a number of other malware initiatives.

"Fallchill typically infects a system as a file dropped by other Hidden Cobra malware or as a file downloaded unknowingly by users when visiting sites compromised by Hidden Cobra actors," the advisory reads.

"Hidden Cobra actors use an external tool or dropper to install the Fallchill malware as a service to establish persistence. Because of this, additional Hidden Cobra malware may be present on systems compromised with Fallchill."

In terms of operation, Fallchill allows the malicious actors to retrieve information about all installed disks; create, start and terminate new processes and their primary thread; read, search, write, move and execute files; access and modify file or directory timestamps; change the directory for a process or file; and delete malware and related artifacts from the infected system.

This can lead to disruption of operations and temporary or permanent loss of files.

Further information on the hallmarks of Fallchill and Hidden Cobra activity, as well as how to resolve an infection, can be found in the advisory.

North Korea last month denied it was responsible for the WannaCry ransomware attack that hit businesses and hospitals in the UK back in May, calling the UK government's allegation "wicked".
