Technical Alerts on Two North Korean/HIDDEN COBRA Trojans
US-CERT released joint Technical Alerts (TAs) detailing two trojans used by the North Korean government-associated cyber threat group HIDDEN COBRA, also known as Lazarus Group, to target organizations in various sectors. The TAs provide technical details on the capabilities of each trojan as well as detection and response guidance, including indicators of compromise (IoCs) and mitigation strategies. A successful network intrusion using either trojan could lead to the loss of sensitive or proprietary information, disruption of operations, financial losses from restoring systems, and reputational damage. The NJCCIC recommends that all users and administrators review the TAs detailing FALLCHILL and Volgmer, scan their networks for malicious activity associated with these trojans using the IoCs provided, and apply the suggested mitigation strategies.