The US Homeland Security (DHS) and the FBI Department have released another joint warning about a new piece of malware that the prolific North Korean hacking group apartment is using the Hidden Cobra actively in the wild.
The group is also known as the Patron of Lazarus Group,
supported by the North Korean government and is known to launch cyber attacks against media organizations, aerospace, financial and critical infrastructure sectors worldwide.
Malware imposes a proxy server / port and a custom protocol, configured with proxy username and password, allows the bypass to compromise the system’s authentication system to reach out to the network.
ElectricFish Malware is a command line utility, whose main purpose is to quickly funnel traffic between two IP addresses With the help of ElectricFish Malware, it is possible to connect a system sitting in a proxy server, which allows attackers to bypass the required authentication for the infected system. She is making.
Once ElectricFish proxy configured, it immediately tries to establish a session with the destination IP address, located outside the hunting network and source IP address. The attack will use the given signal to specify the source and destination for tunnel traffic.
The US organization has already infected this new malware, the malware joint analysis report (March) has stated that the warning has been issued “activated the network And reducing the security risks to the North Korean government’s malicious cyber activity. “
The DHS and FBI said the advisory was published “to enable network defense and reduce exposure to North Korean government malicious cyber activity.”
For the hidden Cobra consultation, the US Government has issued since 2017 with the emergence of the global WannaCry ransomware outbreak, which was believed to be the work of North Korean hackers.