by: Naum Lavnevich
The Digital Edge Security Team warns that HIDDEN COBRA actors have been using FALLCHILL malware to target IT infrastructures. DHS and FBI specified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by North Korea as HIDDEN COBRA.
HIDDEN COBRA uses dual proxy technique allowing to change vector of the attack and keep the source of the attack hidden.
These types of activities can have severe impacts such as data loss and disruption of operation. The Digital Edge Security Team has updated its own core infrastructure to protect our clients from possible impacts of HIDDEN COBRA and advise other IT organization to use the same practice.
FISMA requires all federal agencies to document and implement controls for information technology systems that support their operations and assets.
LogIT simplifies FISMA compliance with its fully automated log collection, collecting and recovery across the agency’s entire infrastructure. Providing tools at the fingertip that align the organization’s risk assessment with forensic investigations, reporting, and prioritizing settings. LogIT already automatically achieves the first level of log analysis, by categorizing log data that is identified and stabilized for easy analysis and reporting.