North Korean hacker group might be behind worldwide cyber attacks

by Olivia Morelli

North Korean-sponsored malware terrorized the world for nearly a decade


The FBI and the U.S. Department of Homeland Security have recently issued a sensational report claiming that since 2009 the North Korean government has been organizing state-sponsored hacking attacks against global institutions and organizations, media structures, communications, and the air and land transportation sectors [1].

For 8 consecutive years, a group of hackers called “Hidden Cobra” has been carrying out distributed denial-of-service (DDoS) attacks [2] aimed at European countries, America, Asia and other continents of the world.

The same perpetrators are also linked to the WannaCry attacks that took place in May and managed to affect more than 400,000 computers. This once again shows that North Korean authorities take pleasure not only in demonstrating their warfare in real life but also in extending this tradition to cyberspace.

Hackers used a DDoS tool called “DeltaCharlie” to corrupt PCs and networks

According to the DHS and FBI investigations, the North Korean hackers are using a DDoS activation tool called DeltaCharlie to carry out the attacks. This malicious bot is capable of launching Domain Name System (DNS), Network Time Protocol (NTP) and Character Generation Protocol (CHARGEN) DDoS attacks. DeltaCharlie operates via the svchost service, so besides being able to start or terminate DDoS attacks, the virus may also:

  • Automatically implement changes to its code in real-time and update itself;
  • Download executable files;
  • Terminate its own or other processes on the computer.

But before the virus can carry out these malicious operations, it must first find a way to infiltrate the system. Outdated, unsupported Windows versions, including Windows XP or Vista, provide perfect conditions for that to happen. Unpatched operating systems have numerous gaping security holes that may be exploited to deploy malware on the computers. Hangul Word Processor CVE-2015-6585, Microsoft Silverlight CVE-2015-8651 and Adobe Flash Player CVE-2016-0034 are just a few of these vulnerabilities.

Regular updates are crucial for strengthening the system's defense

While DeltaCharlie-driven DDoS attacks seem to have died down, the issue of cyber security never loses its relevance. The world is just one step away from another major cyber attack and having an outdated and vulnerable system is definitely not going to help you protect yourself.

You should pay attention to your system’s security, beginning with updating the installed software. Don’t download updates that you are randomly offered online; these are most likely malicious. Instead, visit your software vendor’s official website and look for updates there. As for security upgrades for your operating system, keep the automatic Windows Update service enabled, and you will always receive the latest updates on time.

About the author

Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.


References

