Approx. read time: 2.6 min.
Post: North Korean Hackers Use ELECTRICFISH Malware to Steal Data
North Korean Hackers Use ELECTRICFISH Malware to Steal Data. The Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) have issued a joint malware analysis report (MAR) on a malware strain dubbed ELECTRICFISH, used by the North Korean APT group Lazarus for data exfiltration from victims.
According to the MAR AR19-129A advisory released on the US-CERT website, the malware was detected during tracking of the malicious activities of the North Korean-backed hacking group HIDDEN COBRA (also known as Lazarus, Guardians of Peace, ZINC, and NICKEL ACADEMY).
The MAR-10135536-21 malware analysis report was issued “to enable network defense and reduce exposure to North Korean government malicious cyber activity.”
The ELECTRICFISH malware, as detailed in the advisory, allows attackers to funnel network traffic between a source and a destination IP address. It is configured to bypass a system’s authentication by using a proxy server/port, username, and password, enabling attackers to connect to a system inside a protected network.
North Korean Hackers Use ELECTRICFISH Malware to Steal Data
ELECTRICFISH uses a custom protocol to establish a continuous connection between two machines, allowing malicious actors to funnel data from compromised systems to servers they control. This malware enables Lazarus group hackers to exfiltrate sensitive information undetected.
After bypassing configured authentication measures on the compromised machine, ELECTRICFISH establishes a session between the target system’s IP address and a remote destination. This traffic funneling makes it easier for hackers to extract information from compromised systems over the internet.
The DHS and FBI recommend reporting any suspicious activity related to this malware to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch) for immediate mitigation actions.
@CISAgov & the @FBI released information today on North Korean malware known as ELECTRICFISH. This malware analysis report contains instructions on how to report incidents, request resources, and mitigate risks.
— Cybersecurity (@cyber) May 9, 2019
How to avoid infection
To avoid falling victim to ELECTRICFISH or similar malware, administrators should follow these best practices:
- Patching operating systems regularly and restricting software installation permissions;
- Being cautious when opening email attachments and avoid using unauthorized removable media;
- Disabling file and printer-sharing services when possible, or enforcing strong passwords if necessary.
For full technical details and a list of Indicators of Compromise (IoCs) related to ELECTRICFISH, visit the [official US-CERT advisory](https://www.us-cert.gov/ncas/analysis-reports/AR19-129A).
ELECTRICFISH is part of a broader set of North Korean cyber activities that target both government and private sector entities worldwide. Groups like Lazarus have been linked to other significant attacks, including the 2017 WannaCry ransomware attack and the 2014 Sony Pictures hack.[16][14]
Related Videos:
Related Posts:
Russian hackers are eight times faster than North Korean groups
North Korea Showcases Military Spy Satellite: Kim Jong Un’s Strategic Move
iPhone Hacking Tool Used by FBI Up for Sale on eBay for $100
Challenges and Strategies: The Entry of Chinese EVs into North American Markets
1.8 Million Users Attacked by Android Banking Malware, 300% Increase Since 2017
Related Posts
About the Author: Bernard Aybout (Virii8)
