Hidden Cobra DDoS Botnet

By Nyotron Security Research Team

Lazarus Group (aka “Hidden Cobra”) is a group believed to be backed by North Korea and has been linked to several cyber attacks in recent years, including the Sony Pictures leak back in 2014. “Ten Days of Rain,” a DDoS (distributed denial-of-service) attack against South Korea, has been linked to yet another attack, named “DeltaCharlie,” that was initially reported in 2016 in “Operation Blockbuster.”

This attack appears to be aimed at U.S. targets, including financial, media, and critical infrastructure entities.

The malware is used to launch DDoS attacks over DNS, NTP, and CGP, and it can also download binaries to the victim’s machine, change its own configuration, and update itself. It persists by registering itself as a service and runs inside a shared service host process (svchost.exe).

At this moment, the size of this botnet is unclear.

These types of activities are part of Paranoid’s coverage and should be blocked.

Source: The Hacker News