Multiple recommendations issued to defend against Electricfish tunneling malware

News by Bradley Barth

The dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by a North Korea government hacking group, are explained in a new US government Malware Analysis Report (MAR).

The dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by the North Korea government hacking group Hidden Cobra, are explained in a new Malware Analysis Report (MAR) jointly issued by the US FBI and Department of Homeland Security.

ELECTRICFISH is attributed to North Korea.

The 32-bit Windows executable file is a command-line utility that establishes a connection between a source IP address and destination IP address and implements a custom protocol, allowing the APT group (also known as Lazarus) to move traffic and data rapidly between an infected machine and their own network.

Additionally, the MAR continues, "The malware can be configured with a proxy server/port and proxy username and password. This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system’s required authentication to reach outside of the network."
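A proxy-authenticated tunnel of the kind the MAR describes leaves a trace in the proxy's own logs: a long-lived CONNECT session, frequently to a bare IP address rather than a hostname. The check below is an added illustration, not code from the report or this article; the log format, host names, user names, addresses and the duration threshold are all constructed assumptions.

```python
"""Flag proxy-log sessions consistent with tunneling out through the corporate proxy.
Per the MAR, ELECTRICFISH can authenticate to a proxy to reach outside the network;
a tunnel shows up as a long-lived CONNECT, often to a bare IP. The log format
below is constructed for this example (hypothetical fields), not a vendor's."""
import ipaddress
import re

# Constructed sample lines: timestamp src_host user method target:port duration_s bytes
SAMPLE_LOG = """\
2019-05-09T10:00:01Z ws-017 jdoe CONNECT updates.example.com:443 3 18211
2019-05-09T10:00:05Z ws-017 jdoe CONNECT 203.0.113.45:443 7210 5242880
2019-05-09T10:01:09Z ws-042 asmith GET www.example.org:80 1 4096
2019-05-09T10:02:30Z ws-017 jdoe CONNECT 203.0.113.45:8443 6890 2097152
2019-05-09T10:03:12Z ws-099 svc-backup CONNECT 198.51.100.7:443 45 1024
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<method>\S+) "
    r"(?P<target>\S+):(?P<port>\d+) (?P<duration>\d+) (?P<bytes>\d+)$"
)

def parse_proxy_log(text):
    """Parse the constructed format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            for k in ("port", "duration", "bytes"):
                rec[k] = int(rec[k])
            records.append(rec)
    return records

def is_bare_ip(target):
    """True when the CONNECT target is an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

def find_tunnel_candidates(records, min_duration=600):
    """(host, user, target) for CONNECT sessions to a bare IP held open at
    least min_duration seconds; the threshold is an assumption to tune locally."""
    hits = {(r["host"], r["user"], r["target"]) for r in records
            if r["method"] == "CONNECT" and is_bare_ip(r["target"])
            and r["duration"] >= min_duration}
    return sorted(hits)
```

Running `find_tunnel_candidates(parse_proxy_log(SAMPLE_LOG))` on the sample flags only the ws-017 sessions to 203.0.113.45; the short-lived CONNECT from ws-099 and the hostname-based sessions are left alone, which is where a real deployment would add an allowlist of known bare-IP destinations.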

The report offers multiple recommendations from DHS’ Cybersecurity and Infrastructure Security Agency (CISA) to help protect against this and other threats.

This article was originally published on SC Media US.
