Threat Management, Threat Management, Threat Intelligence, Malware

U.S. intel agencies issue analysis of North Korea’s ELECTRICFISH tunneling tool

The FBI and Department Homeland Security have jointly issued a new Malware Analysis Report (MAR) warning of the dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by the North Korea government hacking group Hidden Cobra.

ELECTRICFISH is attributed to North Korea.

The 32-bit Windows executable file is a command-line utility that establishes a connection between a source IP address and destination IP address and implements a custom protocol, allowing the APT group (also known as Lazarus) to move traffic and data rapidly between an infected machine and their own network.

Additionally, the MAR continues, "The malware can be configured with a proxy server/port and proxy username and password. This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system's required authentication to reach outside of the network."

The report offers multiple recommendations from DHS' Cybersecurity and Infrastructure Security Agency (CISA) to help protect against this and other threats.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.