The recent alert from the US-CERT (TA17-164A) specifically points outs some interesting details about the threat they refer to as HIDDEN COBRA. Ultimately, this is simply the label that has been given to the North Korean government's malicious cyber activity.
While it details the types of attacks that are currently being see associated to HIDDEN COBRA, it also gives some insight into the tools that are being employed by this threat actor.
One of the points that I found more interesting was that the vulnerabilities currently being exploited are far from being classed as 0-days. These patches have been available for some time already and should have already been applied. If they are still getting into your network using the listed vulnerabilities, it's time to give serious though to your cybersecurity strategy - as these can be easily avoided.
That said, you also don't just burn a 0-day. One shouldn't simply take this message and assume that this threat actor is not holding onto a few, more advanced, exploits.
But still - stop reading and go patch something!
HIDDEN COBRA is known to use vulnerabilities affecting various applications. These vulnerabilities include: CVE-2015-6585: Hangul Word Processor Vulnerability CVE-2015-8651: Adobe Flash Player 220.127.116.114 and 19.x Vulnerability CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability CVE-2016-1019: Adobe Flash Player 18.104.22.168 Vulnerability CVE-2016-4117: Adobe Flash Player 22.214.171.124 Vulnerability