From securityweek.com
The U.S. Department of Homeland Security (DHS) on Thursday published a malware analysis report detailing another piece of malware used by threat actors linked to the North Korean government.
The report, a result of collaboration between the DHS and the Federal Bureau of Investigation (FBI), describes a traffic tunneling tool named ELECTRICFISH. The U.S. government has attributed this tool to the group it tracks as Hidden Cobra, better known as Lazarus.
The malware, delivered as a 32-bit Windows executable file, implements a custom protocol that allows attackers to funnel traffic between two IP addresses.