Electricfish : a new malware from North Korea

The MAR (Malware Analysis Report) AR19-129A was released in May 2019. This report sounds the alarm about a new malware from North Korea: Electricfish.


What is Electricfish?

Malware is a generic term for a program or malicious code developed to harm a computer system.

Electricfish is considered a new malware. It was discovered by the FBI and the U.S. Department of Homeland Security (DHS). The AR19-129A report, written by these agencies and published on the U.S. government's website, explains how this malware works by analyzing some infected files.

This malware allows traffic to be diverted between a source and a destination IP address. Using the proxy port, hackers can configure the malware to let them connect to a system located within the proxy server. With this method, they avoid the authentication system of the infected machine and can thus access their victims' systems. This malware is mainly designed to exfiltrate data.


Who is hiding behind this malware?

North Korean hackers seem to be behind this malware. Indeed, Electricfish was found after the FBI and DHS examined the activities of a well-known hacker group named Lazarus (also known as Hidden Cobra, Guardians of Peace, or Nickel Academy). This group is suspected of being supported by the North Korean government, even if no direct links have been established at this point in time.

This group is involved in many attacks against companies, media, banks, etc. They are mostly known as the instigators of the "WannaCry" attack, which reached over 300 000 computers in 150 countries in May 2017. This cyberattack is considered the biggest hack in history. Sony was also the victim of a cyberattack when the company released the movie "The Interview", in which the protagonists plan to murder Kim Jong-Un.

For North Korea, cyberattacks are a way to weaken the United States. This report has therefore been published to alert the American public to the threat and to reduce the malicious cyber activity of the North Korean government.

