Crouching cyber Hidden Cobra: US warns (North Korean) hackers are at it again with new software
http://www.theregister.co.uk/2017/11/15/hidden_cobra_north_korea_malware_fallchill/
The FBI and US Homeland Security have issued an alert about a new strain of malware infecting American corporate systems and stealing sensitive data.
The remote access trojan (RAT), dubbed Fallchill, is the work of a North Korean hacking group called Hidden Cobra, which some at US-CERT believe was responsible for the WannaCry ransomware outbreak. Businesses are urged to remove Fallchill as "the highest priority." The Feds have published a list of IP addresses of public-facing machines infected by the software nasty, and sets of network intrusion detection rules, so IT admins can quickly find out if they've been hit.
Fallchill essentially opens a backdoor into infiltrated corporations, allowing its masterminds, likely to be Kim Jong-un's North Korean government, to extract highly confidential blueprints and other documents.
"According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries," the Feds' warning states. "The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim's system via dual proxies."