U.S. Government Details ELECTRICFISH Malware Used by North Korea

From securityweek.com

The U.S. Department of Homeland Security (DHS) on Thursday published a malware analysis report detailing another piece of malware used by threat actors linked to the North Korean government.

The report, a result of collaboration between the DHS and the Federal Bureau of Investigation (FBI), describes a traffic tunneling tool named ELECTRICFISH. The U.S. government has attributed this tool to the group it tracks as Hidden Cobra, better known as Lazarus.

The malware, delivered as a 32-bit Windows executable file, implements a custom protocol that allows attackers to funnel traffic between two IP addresses.
