North Korea uses malware to steal data

  
North Korea steals data from victims using malicious software called ElectricFish, which is used by the North Korean Lazarus group, also known as APT.

The Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) released a joint malware analysis report (MAR AR19-129A) covering the ElectricFish malware.

According to the report published on the US-CERT website, the malware strain was detected while tracking the malicious activities of the North Korea-backed Hidden Cobra group, also known to security experts as Lazarus, Guardians of Peace and ZINC.

The report was issued to enable network defense and reduce exposure to malicious cyber activity by the North Korean government. It includes descriptions of the Hidden Cobra group's malicious code, suggested response procedures, and recommended mitigation techniques.

Users or officials are required to report activity related to this malware to the Cyber Security Agency, CISA, CyberWatch, and to give the activity priority in order to mitigate its damage.
The report does not say whether US institutions have previously been infected by this malware, but it comes with a detailed analysis of an executable file that was found to be infected with the ElectricFish malware used by the Lazarus group.

This software bypasses the server's security protocols and transfers Internet traffic between two devices, allowing members of the hacking group to move information collected from compromised computers to servers they control.

The Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) aim to provide organizations with a more detailed analysis, obtained through manual reverse engineering, of the malware used by the North Korean government's hacking team.

This is the 16th US-CERT report on the Hidden Cobra group since it launched a worldwide attack in May 2017 using the WannaCry software, which paralyzed parts of the UK's National Health Service. The United States and Britain have accused North Korea of developing and deploying WannaCry.
