
June 15, 2017
Notes from the Pentagon

North Korea's hack threat
The FBI and Department of Homeland Security warned this week that North Korea is using malicious software to set up networks of hijacked computer devices that can be used in large-scale cyberattacks on critical infrastructure.

A report published Tuesday identifies the technical tools and networks used by North Korean government hackers to target media, aerospace, financial and critical infrastructure in the United States and around the world under the code name Hidden Cobra.

“DHS and FBI assess that Hidden Cobra actors will continue to use cyber operations to advance their government’s military and strategic objectives,” the report said. “Cyber analysts are encouraged to review the information provided in this alert to detect signs of malicious network activity.”

North Korea is considered to be a growing cyberwarfare threat and is believed to be developing capabilities to conduct large-scale cyberattacks on the United States.

The malware linked to the North Korean hackers is called Delta Charlie and is “used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure,” the notice from DHS’ Computer Emergency Readiness Team says.

The DHS and the FBI urged all system administrators who detect Hidden Cobra — either the malware, network signatures or other indicators — to report them to the DHS or FBI as soon as possible. Both agencies have special units to deal with such infrastructure cyberattacks: the National Cybersecurity Communications and Integration Center under the DHS, and the FBI's Cyber Watch program.

The notice says any signs of the North Korean cyberattack should be “given highest priority for enhanced mitigation” — an indication of the level of concern.

The notice listed a number of internet protocol addresses used by the North Koreans.

“Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature,” the notice said.

Alternative names used by the North Koreans include the Lazarus Group and Guardians of Peace.

The Guardians of Peace was the cover name used by North Korean hackers operating from China and Southeast Asia that carried out the November 2014 cyberattack against Sony Pictures International, one of the first major nation-state cyberattacks to be identified publicly by the U.S. government.

The North Koreans are using large networks of hijacked computers, called botnets, that are part of distributed denial of service attacks. Other hacking tools include keylogging software that can record and send keystrokes, remote access tools used in cyberespionage attacks, and “wiper” malware that destroys data.

“Further research is needed to understand the full breadth of this group’s cyber capabilities. In particular, DHS recommends that more research should be conducted on the North Korean cyber activity that has been reported by cybersecurity and threat research firms.”

North Korean hackers generally target computer networks that use older, unsupported versions of Microsoft operating systems that contain security flaws. Adobe Flash player software vulnerabilities also have been used by Pyongyang’s hackers.

“A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed,” the report warned, noting the danger of lost data, disruption of operations, financial losses and reputational damage. Network administrators are being urged to apply security patches to all software to stave off attacks.

China is increasing its power-projection capabilities with a basing structure and ships and aircraft designed for global reach, according to the Pentagon’s annual report on the Chinese military.

The report for the first time raises the prospect that China will dispatch aircraft or ships to areas near the United States in a bid to counter extensive Air Force and Navy surveillance around China’s coasts.

“China is expanding its access to foreign ports to pre-position the necessary logistics support to regularize and sustain deployments in the ‘far seas,’ waters as distant as the Indian Ocean, Mediterranean Sea, and Atlantic Ocean,” the report says in a special section on overseas access.

The most visible base is being built near the Horn of Africa in Djibouti. The Chinese began building a military base there in February 2016 and are expected to complete the facility this year. Beijing has said the base will help Chinese navy and army units take part in U.N. peacekeeping, assist naval escort missions in the area for Chinese freighters, and provide humanitarian assistance.

But the Pentagon said the base and regular naval visits to foreign ports “both reflect and [amplify] China’s growing influence, extending the reach of its armed forces.”

The report reverses decades of U.S. intelligence reporting that insisted China harbored no international ambitions beyond preparing to fight a conflict with Taiwan, located 100 miles across the strait from southern China. The Pentagon now believes China wants to project military power around the world to support its economic interests and critical sea lanes.

“China most likely will seek to establish additional military bases in countries with which it has a long-standing friendly relationship and similar strategic interests, such as Pakistan, and in which there is a precedent for hosting foreign militaries,” the report said.

China also is expected to utilize the extensive global network of Chinese commercial overseas port facilities to support military power projection.

The military logistics networks for Chinese forces will use a combination of dedicated People’s Liberation Army bases and commercial ports.

The report appears to play down the threat posed by the emerging Chinese global military power projection. It states that the Chinese will use the facilities for increasing participation in civilian evacuation operations, search and rescue, humanitarian and disaster relief — relatively benign activities.

At the end of the section, the report warns that the network of overseas logistics and basing sites “would also be essential to enable China to project and sustain military power at greater distances from China.”

China is developing an undersea nuclear strike capability through its new ballistic missile submarines, four of which have been deployed so far.

The boomers, as missile subs are called, will operate far from China's coasts into the eastern Pacific and Indian Oceans.

The submarine operating bastions are assessed by nuclear specialists as meant to give China a first-strike nuclear capability – not the retaliatory strike capability that China claims is its limited strategic objective.

And on projecting power, Marine Corps Gen. Joseph F. Dunford, chairman of the Joint Chiefs of Staff, issued a dire warning to Congress this week about the decline of American military capabilities.

In prepared testimony before the House Armed Services Committee on Monday night, and again before the Senate on Tuesday, Gen. Dunford stated that the military’s competitive advantage against adversaries is “eroding.”

“Over the last decade, sustained operational commitments, budgetary instability, and advances by our adversaries have threatened our ability to project power and we have lost our advantage in key war-fighting areas,” he said.

The $603 billion budget request for fiscal 2018 will help the military fulfill its operational goals, rebuild some war-fighting readiness and move the military toward “a path to balancing the defense program,” the chairman noted.

But, the general warned, “without sustained, sufficient and predictable funding, I assess that within five years we will lose our ability to project power; the basis of how we defend the homeland, advance U.S. interests and meet our alliance commitments.”

The comments are an indirect slap at the policies of the Obama administration that cut defense spending by hundreds of billions of dollars and went along with Congress’ Budget Control Act that limited the Pentagon’s budget.

  • Contact Bill Gertz on Twitter via @BillGertz.
