DHS, FBI describe North Korea's use of FALLCHILL malware

Lester Mason
November 15, 2017

The U.S. government on Tuesday issued a technical alert about cyber attacks it said are sponsored by the North Korean government that have targeted the aerospace, telecommunications and financial industries since 2016.

Fallchill is a remote administration tool that infects a victim's computer through the use of fraudulent Transport Layer Security communications and multiple proxies to obscure network traffic.

The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation have issued joint technical alerts detailing cyberattacks launched by North Korean hackers targeting aerospace, telecommunications, financial and critical infrastructure sectors in the US since 2016. It typically spreads through files dropped by other malware or when users inadvertently download it by visiting websites that are already infected.

The Fallchill malware then collects basic information, including OS version information, system name and local IP address information, among other details.


In terms of operation, Fallchill allows the malicious actors to retrieve information about all installed disks; create, start and terminate new processes and their primary thread; read, search, write, move and execute files; access and modify file or directory timestamps; change the directory for a process or file and delete malware and related artifacts from the infected system. The Volgmer malware has been observed in the wild targeting government, automotive, financial and media industries. Most of these IP addresses fell in India (25.4%), Iran (12.3%), Pakistan (11.3%) and Saudi Arabia (6%).

North Korea has denied orchestrating any cyberattacks, but the latest report comes amid rising tensions with the United States over the communist regime's nuclear testing programme.

Last month, Britain had blamed North Korea for being behind the WannaCry cyber attack in May which had disrupted the nation's health services and businesses.

Other reports by Iphone Fresh

Discuss This Article

FOLLOW OUR NEWSPAPER