The North Korean government is very good at hacking—and they’re targeting media, aerospace, and financial companies in the United States.
The country was behind some of the most headline-grabbing hacks of the 21st century, according to an alert put out Tuesday by the U.S. Department of Homeland Security.
Those hackers — for some reason referred to as “Hidden Cobra” in the report (why not camouflaged cobra? Alliteration!) — have also been called the Lazarus Group and Guardians of Peace.
The Guardians of Peace committed what Deadline described as “the most devastating cyber-crime ever committed against an American corporation” in 2014. North Korean government hackers broke into Sony Pictures Entertainment in what was believed to be “retribution” of sorts for Sony’s production of a Seth Rogen and James Franco movie called The Interview, which featured a plot to kill North Korean leader Kim Jong-un.
The Lazarus Group was implicated by cybersecurity research groups as the perpetrators of a ransomware attack known as WannaCry, which froze computers at hospitals in the UK and spread to 112 countries. The ransomware demands users pay a ransom in bitcoin or lose access to their data, but it didn’t end up raising much cash.
North Korean government hackers employ a range of techniques, according to the report, including DDoS attacks, which bombard websites with garbage traffic so that legitimate users can’t access them. Other methods include keyloggers, which record the keystrokes of infected computers, and malware that erases information from compromised computers.
These hackers are sophisticated, but the report suggests a defense against them: update/patch operating systems and applications. The WannaCry ransomware was so successful in large part because there are so many users out there who haven’t regularly updated their computers.
“Most attackers target vulnerable applications and operating systems,” the report says. “Ensuring that applications and operating systems are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.”