Have you noticed a fall chill in the air?
More importantly, have you detected FALLCHILL malware hiding on your network?
FALLCHILL is North Korea's latest RAT (remote administration tool) that allows the country's cyber actors to secretly mine for your data.
The Department of Homeland Security and the FBI issued a joint Technical Alert with indicator of compromise (IOC) specifics, so you can find out if it is lurking.
FALLCHILL contains the following built-in functions for remote operations that provide various capabilities on a victim’s system:
"FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL."
This latest RAT should not surprise anyone, because North Korea is one of the top three cyber threats to the United States, according to Major General Brett Williams.
Williams used to be Director of Operations at U.S. Cyber Command, and we interviewed him at SecureWorld Detroit: