The U.S. Computer Emergency Readiness Team issued an alert Tuesday that the North Korean government is targeting businesses with malware and botnet-related attacks as part of a concerted new hacking campaign.

Dubbed “Hidden Cobra,” the campaign is targeting media, aerospace, financial and critical infrastructure sectors in the U.S. and around the world using a mixture of tools, according to the alert. The tools include distributed-denial-of-service botnets, keyloggers for capturing keystrokes, remote access tools and wiper malware that destroys data. The campaign tends to target machines running old, unsupported versions of Microsoft Windows and also targets known flaws in Microsoft Silverlight and Adobe Flash Player to gain access.

CERT said that in conjunction with the Federal Bureau of Investigation and Department of Homeland Security they have managed to match the IP address being used by Hidden Cobra to one previously used by another campaign called DeltaCharlie, a known North Korean DDoS botnet.

“If users or administrators detect the custom tools indicative of Hidden Cobra, these tools should be immediately flagged, reported to the DHS National Cybersecurity Communications and Integration Center or the FBI Cyber Watch and given highest priority for enhanced mitigation,” CERT said in its warning.

The organization also provided a list of the IP addresses being used by the attack to “enable network defense activities and reduce exposure to the DDoS command-and-control network.” It recommended that network administrators review the IP addresses, file hashes, network signatures and YARA rules provided with a view to adding them to their watch list to determine if malicious activity has occurred on their network.

Hidden Cobra is far from the first time the North Korea has been attributed to running hacking campaigns. The rogue East Asian country previously was fingered for attacks on the SWIFT banking network along with the highly publicized hack of Sony Pictures in 2015.

Photo: 72334647@N03/Flickr