Multiple recommendations issued to defend against Electricfish tunneling malware

News by Bradley Barth

The dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by a North Korean government hacking group, are explained in a new US government Malware Analysis Report (MAR).

The dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by the North Korean government hacking group Hidden Cobra, are explained in a new Malware Analysis Report (MAR) jointly issued by the US FBI and the Department of Homeland Security.

ELECTRICFISH is attributed to North Korea.

The 32-bit Windows executable file is a command-line utility that establishes a connection between a source IP address and destination IP address and implements a custom protocol, allowing the APT group (also known as Lazarus) to move traffic and data rapidly between an infected machine and their own network.

Additionally, the MAR continues, "The malware can be configured with a proxy server/port and proxy username and password. This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system’s required authentication to reach outside of the network."

The report offers multiple recommendations from DHS’ Cybersecurity and Infrastructure Security Agency (CISA) to help protect against this and other threats.

This article was originally published on SC Media US.
