The Department of Homeland Security (DHS) and FBI have released a joint security advisory warning of a new strain of malware being used in North Korean cyberattacks.
Dubbed Electricfish, the malware was uncovered while the departments were tracking the activities of Hidden Cobra, a threat group believed to be state-sponsored and backed by the North Korean government.
Hidden Cobra has been connected to a variety of attacks against financial institutions, critical industrial players, and targets chosen for valuable intellectual property worldwide
Dubbed Electricfish, the malware was uncovered while the departments were tracking the activities of Hidden Cobra, a threat group believed to be state-sponsored and backed by the North Korean government.
Hidden Cobra has been connected to a variety of attacks against financial institutions, critical industrial players, and targets chosen for valuable intellectual property worldwide
The description of Electricfish is based on one malicious 32-bit Windows executable. After reverse engineering the sample, the malware was found to contain a custom protocol which permits traffic to be funneled between source and destination IP addresses.
"The malware can be configured with a proxy server/port and proxy username and password," the advisory reads.
No comments:
Post a Comment