The US government is warning that North Korean state-sponsored hackers have been targeting the aerospace, telecommunications, and finance sectors since 2016 with malware that can secretly take over a computer.
The Department of Homeland Security and the FBI issued a joint alert Tuesday, which includes technical details about Fallchill, a Remote Administration Tool (RAT) that can give a hacker full control over a victim’s computer, allowing them to search, read, write and move files, modify file timestamps, and delete any trace of an infection.
North Korean hackers spread Fallchill in two ways: delivery through other malware or hacking a website and using it to serving malicious code to unsuspecting visitors. Tuesday’s alert includes the IP addresses of infected Fallchill systems; if Fallchill is found on a computer, users should flag it and report the incident to the DHS or FBI.
In recent years, North Korea has been accused of orchestrating several major cyberattacks, including the 2014 Sony Pictures Hack and a breach that accessed South Korean warship plans.
Also this week, the US also issued a technical alert for another piece of North Korean-linked malware called Volgmer. According to the alert, the hackers have been using the Trojan since 2013 to attack the government, as well as the automotive and media industries. It too can steal files from a victim’s computer, and usually comes from a spear phishing email attack.
Both technical alerts have more details on how companies can protect themselves from the threats. Running up-to-date software, restricting installs of unwanted software, and telling employees to never visit unsolicited links in emails, are among the suggestions.