US Releases Malware Linked To N. Korean Hacking Group

US Cyber Command, the US military’s unified combatant command for cyberspace operations (it shares a commander with the National Security Agency but is not a division of it), has released a new set of malware samples that it says are linked to North Korean state-backed hackers, the activity the industry broadly labels the Lazarus Group. The command tweeted on Wednesday 14th August 2019 that it had uploaded the samples to VirusTotal, a widely used repository for malware and security research.

This is not the first time the unit has uploaded malware to VirusTotal; it runs a dedicated Twitter account that tells followers which samples it has uploaded.

The disclosure helps security teams defend against nation-state threats, and it also offers a rare glimpse of which state-backed hacking groups Cyber Command is focused on. The US government calls the uploaded malware Electric Fish (written ELECTRICFISH in CISA’s malware analysis report).

Electric Fish is a tunneling tool. Once attackers already have a foothold on a victim system, it dials out to two configured endpoints (a “source” and a “destination”) and funnels traffic between them over a custom protocol, which lets the operators route data, including exfiltrated data, through the compromised host. It can also be configured to reach the destination through a proxy server using a username and password.
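To make the “dial out to two endpoints and bridge them” behaviour concrete, here is a minimal two-ended TCP relay in Python. This is an added example written for this page, not ELECTRICFISH’s code and not its custom protocol: it reproduces only the observable pattern (the relay connects outward to both a source and a destination, then shovels bytes in both directions until either side closes) and does not model the proxy option. Function names such as relay, pump and demo are this example’s own, and demo() sets up two constructed endpoints on 127.0.0.1 so the whole thing runs offline. The point for defenders is visible in the design: the relay host is a client to both ends, so on the wire the compromised machine makes two outbound connections rather than accepting one.

```python
import socket
import threading

BUF = 4096


def pump(src_sock, dst_sock):
    """Copy bytes src->dst until src reaches EOF, then half-close dst so the
    far side sees the same EOF the relay saw."""
    try:
        while True:
            chunk = src_sock.recv(BUF)
            if not chunk:
                break
            dst_sock.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst_sock.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def relay(src, dst):
    """Dial BOTH endpoints (the relay is a client to each), then bridge them
    in both directions; returns once both directions have finished."""
    a = socket.create_connection(src, timeout=5)
    b = socket.create_connection(dst, timeout=5)
    threads = [threading.Thread(target=pump, args=(a, b)),
               threading.Thread(target=pump, args=(b, a))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    a.close()
    b.close()


# ---- constructed local demonstration: two loopback endpoints, no real malware ----

def _listener():
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))      # OS picks a free port
    srv.listen(1)
    srv.settimeout(5)               # never hang the demo if the relay fails
    return srv


def _read_all(conn):
    data = b""
    while True:
        part = conn.recv(BUF)
        if not part:
            return data
        data += part


def demo():
    """Endpoint A sends a message and half-closes; endpoint B reads to EOF,
    replies, and closes. Returns what each endpoint received via the relay."""
    srv_a, srv_b = _listener(), _listener()
    got = {}

    def side_a():
        c, _ = srv_a.accept()
        c.sendall(b"hello from A")
        c.shutdown(socket.SHUT_WR)
        got["a"] = _read_all(c)
        c.close()

    def side_b():
        c, _ = srv_b.accept()
        got["b"] = _read_all(c)
        c.sendall(b"world from B")
        c.close()

    sides = [threading.Thread(target=side_a), threading.Thread(target=side_b)]
    for t in sides:
        t.start()
    relay(srv_a.getsockname(), srv_b.getsockname())
    for t in sides:
        t.join()
    srv_a.close()
    srv_b.close()
    return got


if __name__ == "__main__":
    print(demo())   # {'a': b'world from B', 'b': b'hello from A'}
```

Running the block prints what each constructed endpoint received. The half-close in pump() is what makes the relay transparent to connection teardown: without it, the far end would never see EOF and a real session through the bridge would stall.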

Electric Fish is linked to the APT38 hacking group. FireEye says APT38 has distinctly different motivations from other North Korean-backed hacking activity tracked under the Lazarus name, which was blamed for the Sony Pictures hack in 2014 and the WannaCry ransomware attack in 2017. APT38 is focused on financial crime, such as stealing millions of dollars from banks around the world, the security firm said, though it assesses that the groups are probably connected.

Lazarus is an umbrella name that typically describes hacking activity which advances Pyongyang’s interests. The group is especially known for its financial motivations, such as abusing the Society for Worldwide Interbank Financial Telecommunication (SWIFT) money-transfer system and hacking banks, according to Adam Meyers, vice president of intelligence at CrowdStrike.

Electric Fish was first publicly reported in May 2019 by CISA, the Department of Homeland Security’s cybersecurity division, but APT38 has been active for several years.

A recently leaked United Nations report said the North Korean regime has stolen more than $2 billion through dozens of cyber-attacks to fund its various weapons programs. FireEye estimates that APT38 alone has amassed more than $100 million in stolen funds since its inception.

Sources: US-CERT, Business Computing, TechCrunch

