The Department of Homeland Security and the FBI on Thursday publicly identified a new North Korean malware capable of funneling information from a victim’s computer network.
Dubbed ElectricFish by government officials, the malware is the latest tool in North Korea’s hacking program, referred to as Hidden Cobra. The U.S. Cyber Emergency Response Team published a report warning the public about the new malware on Thursday.
ElectricFish steals information from a target computer network by bypassing a server’s security protocols with a username and password.
“This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system’s required authentication to reach outside of the network,” said the report.
A proxy server acts as a gateway between a user and the internet, providing a firewall and web filter against potential threats on the open internet. ElectricFish avoids the proxy server by directly connecting hackers to a victim’s IP address, thus allowing the hacker to funnel information out.
US-CERT has published reports on Hidden Cobra since at least May 2017. Previous reports show North Korean hackers employ a number of hacking techniques and tools, including Trojan viruses designed to trick unsuspecting users and distributed denial of service, or DDoS, bot networks capable of taking down websites and web servers.
While much of North Korea’s infrastructure is archaic, the Kim Jong Un regime invests between 10 and 20% of the country’s military budget in online operations, according to the Congressional Research Service. Its cyber units are believed to be responsible for some of the most notorious hacks in recent years, including a massive penetration of South Korean banks in 2013, a company-wide data breach of Sony in 2014, and the WannaCry ransomware attacks in 2017.
The US-CERT report followed U.S. seizure of a North Korean ship on Wednesday suspected of violating international sanctions, which in turn followed North Korea’s test launch of two short-range missiles. Relations between the U.S. and North Korea have faltered since the abrupt end of a summit between President Trump and North Korean dictator Kim Jong Un in February.
