Hidden Cobra is, by far and away, the most referenced threat actor on KNOW’s threat intel dashboard.
Let’s drill into the data on KNOW.
Who are the “Hidden Cobra”?
Hidden Cobra or “Lazarus group” are a notorious threat actor from North Korea who active since 2009. While they are probably most known for the infamous Sony Pictures data breach, they are also known for – Operation Kimsuky, Magecart Campaign, HaoBao campaign, Operation AppleJeus, and Operation North Star.
Hidden Cobra has several other aliases like Guardians of Peace, ZINC, NICKEL ACADEMY, etc. The United States Federal Bureau of Investigation has labeled the group as a North Korean “state-sponsored hacking organization.”
Most infamous Hidden Cobra attacks
#1 South Korea Cyberattack
In March 2011, Hidden Cobra launched a series of attacks called “Ten Days of Rain” on specific South Korean media, financial, and critical infrastructure, consisting of sophisticated DDoS attacks. The group continued the attack on March 20, 2013, and targeted three South Korean broadcast companies, financial institutes, and an ISP.
#2 Sony Breach
On November 14, 2014, a Reddit post that stated that Sony Pictures had been hacked by a group identifying themselves as “Guardians of Peace” started showing up. The group had been stealing and leaking a large amount of the company’s data for over a year. The hackers leaked unreleased films, emails, and personal information of over 4,000 employees in the process. Researchers discovered that the group behind the attack was Hidden Cobra.
#3 Various Cryptocurrency Attacks
Around late-2017, North Korea-based groups like Hidden Cobra started a series of cryptocurrency-related attacks. As per reports, the reason behind North Korea’s interest in cryptocurrencies was to find a way to mitigate the various international financial sanctions placed on top of them.
Some examples of the group’s attacks are as follows:
- February 2017: Stole $7 million from Bithumb, a South Korean exchange.
- December 2017: A South Korean exchange called “Youbit” was forced to declare bankruptcy after the group robbed them of 17% of their assets.
- December 2017: NiceHash, a crypto cloud mining company, was hacked for 4,500 BTC.
KNOW about Hidden Cobra
KNOW allows you to gain a bird’s eye view and full context about the threat actor in question. This empowers you to make business-critical decisions with full context and ensure that you have everything you need to protect your organization from Hidden Cobra.
Industries affected by Hidden Cobra
- Finance
- Aerospace and defense
- Manufacturing
- Media and entertainment
- Telecommunications
- Banking
- Industrial equipment
- Hospitals
- Aviation
Important data captured by KNOW:
- Associated IP addresses: 20
- Associated domains: 19
- Hashes:85
- URLs: 27
- Malware: 32
- Attack Vectors: 39
From the Twitterverse
@gayle_landry
The Lazarus Group recently targeted an employee of a #cryptocurrency exchange with a fake job offer in order to plant malware and steal virtual currency.
@akhmetow
A new ransomware, VHD, was seen being delivered by the Lazarus group’s multiplatform malware platform, MATA.
@CISAgov
Warning sign North Korean cyber actors are using #malware variants to carry out an ongoing ATM cash-out scheme and steal money from banking systems.
What is KNOW?
KNOW is Netenrich’s Threat Intel Platform that extracts data from billions of data points and correlates relevant intel and expert analyst insights to help you follow, search, and act—in a fraction of the time it takes now.
One of KNOW’s handiest tools is the trending threats dashboard, which gives you a bird’s eye view of the most potent malware, threat actors, methods, and vulnerabilities in the following time frames:
- Last 7 days.
- Last 60 days.
So, want to check out KNOW some more? Why don’t you sign up? Did we mention that it’s completely free?
Or subscribe to get daily threat intel updates.
Subscribe To Our Newsletter!
The best source of information for Security, Networks, Cloud, and ITOps best practices. Join us.
Thank you for subscribing!
