The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) have identified two tools used by the Advanced Persistent Threat Group, HIDDEN COBRA, better known as Lazarus Group. The first tool,
What we’re doing about it
- eSentire has taken preventative measures to monitor and disrupt connections to network infrastructure related to Volgmer and FALLCHILL on esNETWORK.
- File hashes linked to both tools are banned from execution on endpoints monitored by esENDPOINT.
What you should be doing about it
- Deploy application whitelisting to ensure that only authorized software can be installed and execute functions.
- Restrict administrative privileges based on the user’s requirements.
- Ensure users are informed about current threats through awareness programs and training.
Volgmer Trojan has been actively used since 2013 against government, financial, automotive, and media industry targets.
- The first known use of the FALLCHILL RAT occurred in 2016. Since then, FALLCHILL has been actively used against the aerospace, telecommunications, and financial industries.
- Compromise by either of these tools may indicate that additional HIDDEN COBRA malware is present.
For more information visit: