{"id":12551,"date":"2017-08-24T11:58:46","date_gmt":"2017-08-24T16:58:46","guid":{"rendered":"https:\/\/www.firewalls.com\/blog\/?p=12551"},"modified":"2025-10-23T11:03:45","modified_gmt":"2025-10-23T16:03:45","slug":"hidden-cobra-north-koreas-malware-unit","status":"publish","type":"post","link":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/","title":{"rendered":"Taming the Hidden Cobra: The DPRK&#8217;s Malware Brigade"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"12551\" class=\"elementor elementor-12551\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-75b7268 e-flex e-con-boxed e-con e-parent\" data-id=\"75b7268\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-50b23ba2 elementor-widget elementor-widget-text-editor\" data-id=\"50b23ba2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 style=\"text-align: left;\"><strong>What is Hidden Cobra?<\/strong><\/h3>\n<p>While it may sound like the final technique learned from Jackie Chan in a young adult movie, Hidden Cobra is actually the moniker given to state-sponsored actors executing cyber crime activities on behalf of the North Korean government. Before federal agencies reported on the activities of DPRK&#8217;s Hidden Cobra, the group was dubbed by the private sector as Lazarus Group or Guardians of Peace. Hidden Cobra is an extension of the North Korean government and targets both public and private entities with malware, data wipers, DDoS, and SMB worm tools. 
Known variants of Destover, <a href=\"https:\/\/www.symantec.com\/connect\/blogs\/duuzer-back-door-trojan-targets-south-korea-take-over-computers\" target=\"_blank\" rel=\"noopener noreferrer\">Duuzer<\/a>, and Hangman exploits are common modus operandi for Hidden Cobra. In addition, Hidden Cobra is notorious for their use of powerful DDoS attacks with their denial-of-service tool, DeltaCharlie.<\/p>\n<h3><strong>Flushing Out the Snake<\/strong><\/h3>\n<p>Hidden Cobra tends to target systems that run older, unpatched operating systems. The lack of firmware updates and plethora of attack surfaces found in obsolete Microsoft operating systems makes for low-hanging fruit the serpents are able to reach. A Technical Alert issued by the Department of Homeland Security and Federal Bureau of Investigation includes a database of recognized IP addresses and network signatures that they consider Indicators of Compromise (IOCs).<\/p>\n<p><a href=\"https:\/\/www.us-cert.gov\/sites\/default\/files\/publications\/TA-17-164A_csv.csv\">Indicators of Compromise<\/a><\/p>\n<h6>[<em>Clicking will begin a .csv download]<\/em><\/h6>\n<p>In addition to these IOCs, DHS has published a Malware Analysis Report detailing the unique functionalities and common tactics demonstrated by Hidden Cobra actors.<\/p>\n<p><a href=\"https:\/\/www.us-cert.gov\/sites\/default\/files\/publications\/MAR-10132963.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">MAR 10132963<\/a><\/p>\n<h6>[<em>Clicking will open a .pdf]<\/em><\/h6>\n<h3><strong>Known Vulnerabilities<\/strong><\/h3>\n<p>As with real snakes, we have accumulated antidotes for a majority of Hidden Cobra\u2019s venoms. 
The following Common Vulnerabilities and Exposures (CVEs) are typical susceptibilities targeted by Hidden Cobra:<\/p>\n<ul>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-6585\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2015-6585: Hangul Word Processor Vulnerability<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-8651\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-0034\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-1019\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-4117\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability<\/a><\/li>\n<\/ul>\n<p>If Adobe Flash and Microsoft Silverlight are no longer necessary applications in your system, we highly recommend removing these programs completely.<\/p>\n<h3><strong>DeltaCharlie<\/strong><\/h3>\n<p>Perhaps the most perilous tool operated by Hidden Cobra is their DDoS tool, DeltaCharlie. Sporting a standard botnet infrastructure, DeltaCharlie is used to launch DNS attacks, NTP attacks, and CGN attacks. DeltaCharlie disguises itself as a svchost service. The tool can download and operate macros, alter its own structure, and perform denial-of-service attacks on command.<\/p>\n<h3><strong>If You\u2019ve Been Targeted<\/strong><\/h3>\n<p><em><strong>Report the attack to DHS or FBI<\/strong><\/em> \u2013 Federal agencies are very interested in keeping tabs on the activity of North Korea\u2019s state-sponsored cyber warfare adjuncts. 
You can report malware to the DHS <a href=\"https:\/\/myservices.cisa.gov\/irf\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>. They will certainly appreciate the information.<br \/><em><strong>Review visitor logs for IOCs<\/strong><\/em> \u2013 If you suspect Hidden Cobra is responsible for a raid on your network, cross-check records from your perimeter defenses against the IP addresses outlined in the Indicators of Compromise spreadsheet provided above.<br \/><em><strong>Run YARA<\/strong> <\/em>\u2013 For readers unfamiliar with YARA, it is a tool developed by malware researchers to detect attack signatures. The Technical Alert issued by DHS and FBI includes a variety of YARA rule definitions that can quickly and effectively track down signs of Hidden Cobra malware.<\/p>\n<h3><strong>Preventing Hidden Cobra Attacks<\/strong><\/h3>\n<h4><em><strong>Limit admin privileges<\/strong><\/em><\/h4>\n<p><a href=\"https:\/\/www.firewalls.com\/blog\/ransomware-warfare-how-to-protect-your-files-from-hostage-takers\/\" target=\"_blank\" rel=\"noopener noreferrer\">We\u2019ve talked about this one before<\/a>. When an attacker gets into your system, you don\u2019t want everyone inside carrying around skeleton keys.<\/p>\n<h4><strong style=\"font-size: 1.15rem;\"><em>Update your firmware<\/em><\/strong><\/h4>\n<p><span style=\"font-size: 1.15rem;\">So, <\/span><a style=\"font-size: 1.15rem; background-color: #ffffff;\" href=\"https:\/\/www.firewalls.com\/blog\/epidemiology-applying-concepts-of-herd-immunity-and-public-health-to-cyber-security\/\" target=\"_blank\" rel=\"noopener noreferrer\">this one sounds familiar too<\/a><span style=\"font-size: 1.15rem;\">. The straightforward warning: the older your operating system, applications, or security patches, the more likely you are to be on the receiving end of cybercrime. 
This is as self-explanatory as comparing a modern digital security system to a string of rattling cans strung across the lawn.<\/span><\/p>\n<h4><em style=\"font-size: 1.15rem;\"><strong>Go invite-only for your applications<\/strong><\/em><\/h4>\n<p><span style=\"font-size: 1.15rem;\">The practice of whitelisting applications drastically cuts down potential attack surfaces in your network. Whitelisting means allowing only prescreened applications access to your system. If it\u2019s not on the list, it stays outside.<\/span><\/p>\n<h4><em><strong>Leverage your firewall<\/strong><\/em><\/h4>\n<p>Firewalls provide gateway security, content filtering, IP whitelisting, application controls, user groups, and more. There are a vast number of security options available to organizations to protect their data against the likes of Hidden Cobra, but most of them require a firewall appliance to operate. Think of your firewall as the command center of your security infrastructure. Next-generation firewalls are platforms designed to provide all of the security resources you need in one powerful appliance, i.e. 
Unified Threat Management.<\/p>\n<p><strong>Learn about UTMs offered by our manufacturer partners!<\/strong><\/p>\n<p style=\"text-align: center;\"><a class=\"wpex-theme-button red\" href=\"https:\/\/www.firewalls.com\/catalogsearch\/result\/?q=SONICWALL+COMPREHENSIVE+GATEWAY+SECURITY+SUITE\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-size: 18px;\">SONICWALL COMPREHENSIVE GATEWAY SECURITY SUITE<\/span><\/a><\/p>\n<p style=\"text-align: center;\"><a class=\"wpex-theme-button red\" href=\"https:\/\/www.firewalls.com\/brands\/sophos\/central.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-size: 18px;\">SOPHOS CENTRAL<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>What is Hidden Cobra and what can you do to protect your network against attacks? How to find out if you&#8217;ve been targeted and what to do next.<\/p>\n","protected":false},"author":5,"featured_media":12552,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[286],"tags":[],"class_list":["post-12551","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Taming the Hidden Cobra: The DPRK&#039;s Malware Brigade - Firewalls.com<\/title>\n<meta name=\"description\" content=\"What is Hidden Cobra and what can you do to protect your network against attacks? 
How to find out if you&#039;ve been targeted and what to do next.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Taming the Hidden Cobra: The DPRK&#039;s Malware Brigade - Firewalls.com\" \/>\n<meta property=\"og:description\" content=\"What is Hidden Cobra and what can you do to protect your network against attacks? How to find out if you&#039;ve been targeted and what to do next.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/\" \/>\n<meta property=\"og:site_name\" content=\"Firewalls.com\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/firewallscom\" \/>\n<meta property=\"article:published_time\" content=\"2017-08-24T16:58:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-23T16:03:45+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/HC-FtrdImg.png\" \/>\n\t<meta property=\"og:image:width\" content=\"780\" \/>\n\t<meta property=\"og:image:height\" content=\"330\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Andrew Harmon\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@firewallscom\" \/>\n<meta name=\"twitter:site\" content=\"@firewallscom\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Harmon\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/\"},\"author\":{\"name\":\"Andrew Harmon\",\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/#\\\/schema\\\/person\\\/8e89a2f96065af1717d00dfd06dca962\"},\"headline\":\"Taming the Hidden Cobra: The DPRK&#8217;s Malware Brigade\",\"datePublished\":\"2017-08-24T16:58:46+00:00\",\"dateModified\":\"2025-10-23T16:03:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/\"},\"wordCount\":746,\"publisher\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/HC-FtrdImg.png\",\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/\",\"url\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/\",\"name\":\"Taming the Hidden Cobra: The DPRK's Malware Brigade - 
Firewalls.com\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/HC-FtrdImg.png\",\"datePublished\":\"2017-08-24T16:58:46+00:00\",\"dateModified\":\"2025-10-23T16:03:45+00:00\",\"description\":\"What is Hidden Cobra and what can you do to protect your network against attacks? How to find out if you've been targeted and what to do next.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/HC-FtrdImg.png\",\"contentUrl\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/HC-FtrdImg.png\",\"width\":780,\"height\":330,\"caption\":\"hidden cobra north koreas cyber crime and malware unit and how the fbi and dhs technical alerts\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/hidden-cobra-north-koreas-malware-unit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Taming the Hidden Cobra: The DPRK&#8217;s Malware 
Brigade\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/\",\"name\":\"Firewalls.com\",\"description\":\"Your Home For Cyber Security News, Stories, &amp; Tutorials\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/#organization\",\"name\":\"Firewalls.com\",\"url\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/BrandedLogo-TagLineBelow.png\",\"contentUrl\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/08\\\/BrandedLogo-TagLineBelow.png\",\"width\":365,\"height\":85,\"caption\":\"Firewalls.com\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"http:\\\/\\\/www.facebook.com\\\/firewallscom\",\"https:\\\/\\\/x.com\\\/firewallscom\",\"https:\\\/\\\/www.linkedin.com\\\/company-beta\\\/1439857\\\/\",\"https:\\\/\\\/www.youtube.com\\\/user\\\/firewallsDotCom\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/#\\\/schema\\\/person\\\/8e89a2f96065af1717d00dfd06dca962\",\"name\":\"Andrew 
Harmon\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g\",\"caption\":\"Andrew Harmon\"},\"description\":\"Andrew Harmon was the Director of Marketing for Firewalls.com, co-host of the Ping podcast, and engineer-to-English translator of the network security lexicon. Andrew focused on creating content for small business owners and cybersecurity novices to make this crucial facet of modern business more approachable for non-experts everywhere.\",\"sameAs\":[\"https:\\\/\\\/www.Firewalls.com\",\"aharmon@firewalls.com\"],\"url\":\"https:\\\/\\\/www.firewalls.com\\\/blog\\\/author\\\/aharmon\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Taming the Hidden Cobra: The DPRK's Malware Brigade - Firewalls.com","description":"What is Hidden Cobra and what can you do to protect your network against attacks? How to find out if you've been targeted and what to do next.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/","og_locale":"en_US","og_type":"article","og_title":"Taming the Hidden Cobra: The DPRK's Malware Brigade - Firewalls.com","og_description":"What is Hidden Cobra and what can you do to protect your network against attacks? 
How to find out if you've been targeted and what to do next.","og_url":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/","og_site_name":"Firewalls.com","article_publisher":"http:\/\/www.facebook.com\/firewallscom","article_published_time":"2017-08-24T16:58:46+00:00","article_modified_time":"2025-10-23T16:03:45+00:00","og_image":[{"width":780,"height":330,"url":"http:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/HC-FtrdImg.png","type":"image\/png"}],"author":"Andrew Harmon","twitter_card":"summary_large_image","twitter_creator":"@firewallscom","twitter_site":"@firewallscom","twitter_misc":{"Written by":"Andrew Harmon","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/#article","isPartOf":{"@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/"},"author":{"name":"Andrew Harmon","@id":"https:\/\/www.firewalls.com\/blog\/#\/schema\/person\/8e89a2f96065af1717d00dfd06dca962"},"headline":"Taming the Hidden Cobra: The DPRK&#8217;s Malware Brigade","datePublished":"2017-08-24T16:58:46+00:00","dateModified":"2025-10-23T16:03:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/"},"wordCount":746,"publisher":{"@id":"https:\/\/www.firewalls.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/#primaryimage"},"thumbnailUrl":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/HC-FtrdImg.png","articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/","url":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/","name":"Taming the Hidden Cobra: The DPRK's Malware Brigade - 
Firewalls.com","isPartOf":{"@id":"https:\/\/www.firewalls.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/#primaryimage"},"image":{"@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/#primaryimage"},"thumbnailUrl":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/HC-FtrdImg.png","datePublished":"2017-08-24T16:58:46+00:00","dateModified":"2025-10-23T16:03:45+00:00","description":"What is Hidden Cobra and what can you do to protect your network against attacks? How to find out if you've been targeted and what to do next.","breadcrumb":{"@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/#primaryimage","url":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/HC-FtrdImg.png","contentUrl":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/HC-FtrdImg.png","width":780,"height":330,"caption":"hidden cobra north koreas cyber crime and malware unit and how the fbi and dhs technical alerts"},{"@type":"BreadcrumbList","@id":"https:\/\/www.firewalls.com\/blog\/hidden-cobra-north-koreas-malware-unit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.firewalls.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Taming the Hidden Cobra: The DPRK&#8217;s Malware Brigade"}]},{"@type":"WebSite","@id":"https:\/\/www.firewalls.com\/blog\/#website","url":"https:\/\/www.firewalls.com\/blog\/","name":"Firewalls.com","description":"Your Home For Cyber Security News, Stories, &amp; 
Tutorials","publisher":{"@id":"https:\/\/www.firewalls.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.firewalls.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.firewalls.com\/blog\/#organization","name":"Firewalls.com","url":"https:\/\/www.firewalls.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firewalls.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/BrandedLogo-TagLineBelow.png","contentUrl":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/BrandedLogo-TagLineBelow.png","width":365,"height":85,"caption":"Firewalls.com"},"image":{"@id":"https:\/\/www.firewalls.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/firewallscom","https:\/\/x.com\/firewallscom","https:\/\/www.linkedin.com\/company-beta\/1439857\/","https:\/\/www.youtube.com\/user\/firewallsDotCom"]},{"@type":"Person","@id":"https:\/\/www.firewalls.com\/blog\/#\/schema\/person\/8e89a2f96065af1717d00dfd06dca962","name":"Andrew Harmon","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g","caption":"Andrew Harmon"},"description":"Andrew Harmon was the Director of Marketing for Firewalls.com, co-host of the Ping podcast, and engineer-to-English translator of the network security lexicon. 
Andrew focused on creating content for small business owners and cybersecurity novices to make this crucial facet of modern business more approachable for non-experts everywhere.","sameAs":["https:\/\/www.Firewalls.com","aharmon@firewalls.com"],"url":"https:\/\/www.firewalls.com\/blog\/author\/aharmon\/"}]}},"_links":{"self":[{"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/posts\/12551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/comments?post=12551"}],"version-history":[{"count":41,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/posts\/12551\/revisions"}],"predecessor-version":[{"id":26138,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/posts\/12551\/revisions\/26138"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/media\/12552"}],"wp:attachment":[{"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/media?parent=12551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/categories?post=12551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/tags?post=12551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}