US Government Identifies North Korean Hacking Tool

Authorities in the United States have this week identified malware allegedly from North Korea, which is said to be part of that country’s hacking program to raise funds from targets aboard.

The malware, dubbed ‘ElectricFish’, was identified by both the FBI and Department for Homeland Security (DHS).

The US Cyber Emergency Response Team (US-Cert) published a report warning both the security industry and the general public about the new malware on Thursday.

Malware identified

“Working with US Government partners, DHS and FBI identified a malware variant used by the North Korean government,” warned the report. “This malware has been identified as ElectricFish.”

The US Government said the malware is part of the “malicious cyber activity by the North Korean government,” a campaign it calls Hidden Cobra.

“DHS and FBI are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity,” the report added.

So how does the malware work?

Well it is said to be capable of stealing information from a victim’s computer network by bypassing security settings thanks to a malicious 32-bit Windows executable file.

“The malware implements a custom protocol that allows traffic to be funnelled between a source and a destination Internet Protocol (IP) address,” said the report. “The malware continuously attempts to reach out to the source and the designation system, which allows either side to initiate a funnelling session.”

“The malware can be configured with a proxy server/port and proxy username and password,” it added. “This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system’s required authentication to reach outside of the network.”

Funding exercise

And at least one security expert has acknowledged that the malware is part of North Korean efforts to gain much needed funds from overseas.

“The government released information on the malware so that the North Koreans won’t be able to continue using and monetising it,” said Sam Curry, chief security officer at Cybereason. “Its like cutting the head off a snake. Expect more announcements from the DHS and FBI in the future.”

“As a country, North Korea is a very poor nation and their nation state hacking capabilities help to fund budgets,” said Curry. “This is a new type of cyber sanction on North Korea. The feds are actively reducing the shelf life of these incremental improvements.”

“It’s not just a cold war but is economic in nature: the idea is to see how deep North Korea’s coffers are and to waste their investment,” Curry concluded. “That’s not a good fight to get into with the world’s largest government by GDP.”

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago