US SECURITY AGENCIES have published details of a new piece of North Korean malware, a tunnelling tool that gives attackers a channel to move stolen data out of a victim's network, and have attributed it to the Hidden Cobra advanced persistent threat (APT) group.
Security researchers track the Hidden Cobra group under a number of other names, including Lazarus, ZINC, Guardians of Peace and NICKEL ACADEMY.
The warning over 'ElectricFish' was released on Thursday in a joint malware analysis report (MAR) issued by the US Department of Homeland Security and the Federal Bureau of Investigation.
Analysis of the tool, a 32-bit Windows executable, found that it is built to get traffic out through an authenticating proxy, the control point many organisations rely on to police outbound connections.
In many corporate networks, machines do not reach the internet directly: outbound web traffic passes through a proxy server that acts as the gateway, filtering requests, blocking known-bad destinations and typically requiring the user to authenticate before a connection is allowed out.
ElectricFish is designed to work in exactly that environment. It can be configured with the proxy's address and a set of proxy credentials, so it authenticates to the proxy in its own right and establishes a session between the compromised host and the attackers' infrastructure without depending on, or being stopped by, the logged-on user's proxy authentication.
"The malware implements a custom protocol that allows traffic to be funnelled between a source and a destination Internet Protocol (IP) address," explains the advisory, adding that it "attempts to reach out to the source and the [destination] system, which allows either side to initiate a funnelling session.
"The malware can be configured with a proxy server/port and proxy username and password. This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system's required authentication to reach outside of the network."
Once a session is established, the malware funnels traffic between the two systems, giving the attackers a channel to transfer stolen data from compromised machines to servers they control.
The US agencies have advised administrators and users to watch for and flag any suspicious activity associated with the malware. According to US-CERT, such activity should be reported to the FBI Cyber Watch (CyWatch) or the Cybersecurity and Infrastructure Security Agency (CISA). µ