Police in Thailand have seized a computer server operated by a notorious hacker group from North Korea.
The group affected has been blamed for the infamous Sony Pictures hack in 2014.
Thailand’s Computer Emergency Response Team (ThaiCERT) announced that it took control of the equipment that the security firm McAfee had linked to Hidden Cobra – also known as the Lazarus Group – that is believed to be behind a number of high-profile attacks.
A report from McAfee Advanced Threat Research found that a campaign referred to as Operation GhostSecret has been targeting critical infrastructure, entertainment, finance, healthcare, telecommunications and other key industries.
The group behind the campaign has been using the same malware as that used in the 2014 Sony Pictures attack, which saw vast amounts of confidential data stolen from the film studio.
“This analysis by the McAfee Advanced Threat Research team has found previously undiscovered components that we attribute to Hidden Cobra, which continues to target organizations around the world,” the researchers reported.
One of the servers identified in the report that had been used by the group was housed at Thammasat University in Bangkok, Thailand.
ThaiCERT said that it was working with McAfee to analyze the compromised server in an effort to understand ongoing threats and assist any potential victims.
The McAfee researchers also discovered a new type of malware that has been carrying out attacks undetected since 2017.
The report detailed how the unknown attack method was connected to recent operations involving servers in India, which hackers have been exploiting to establish a secret network to carry out future attacks.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies