US Releases Malware Linked To N. Korean Hacking Group

US Cyber Command, a division of the National Security Agency, has released a set of new set of samples of malware that they say are linked to North Korean hackers from the Lazarus Group. The military unit tweeted on Wednesday 14th August saying it had uploaded to VirusTotal, a widely used database for malware and security research.

It’s not the first time the unit has uploaded malware to the server, it has its own Twitter account that tells followers which malware it has uploaded. 

On one hand the disclosure helps security teams fight threats from nation states, but it also gives a rare glimpse inside the nation state-backed hacking groups on which Cyber Command is focused. The uploaded malware sample is named Electric Fish by the US government.

Electric Fish is a tunneling tool designed to exfiltrate data from one system to another over the internet once a backdoor has been placed.

Electric Fish is linked to the APT38 hacking group.
FireEye says APT38 has distinctly different motivations from other North Korean-backed hacking groups like Lazarus, which was blamed for the Sony hack in 2016 and the WannaCry ransomware attack in 2017. APT38 is focused on financial crimes, such as stealing millions of dollars from banks across the world, the cyber-security firm said but, they are probably connected. 

Lazarus is an umbrella name that typically describes hacking activity which advances Pyongyang’s interests. The group is especially known for its financial motivations, such as abusing the Society for Worldwide Interbank Financial Telecommunication (SWIFT) monetary transfer system and for hacking banks, according to Adam Meyers, vice president of intelligence at CrowdStrike.

Electric Fish was first discovered in May, according to Homeland Security’s cybersecurity division CISA, but APT38 has been active for several years.

A recently leaked United Nations report said the North Korean regime has stolen more than $2 billion through dozens of cyber-attacks to fund its various weapons programs. APT38 has amassed more than $100 million in stolen funds since its inception.

USCert:        USCert:        Business Computing:       Techcrunch:

You Might Also Read: 

N. Korea’s Hackers Stole $2b To Fund Its Missile Program:



 

« Attacks On Financial Services Just Keep Going Up
The Global Cyber Skills & Training Shortage »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

Komodo Consulting (KomodoSec)

Komodo Consulting (KomodoSec)

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

Keepnet Labs

Keepnet Labs

Keepnet Labs is a phishing defence platform that provides a holistic approach to people, processes and technology to reduce breaches and data loss and presents anti-phishing solutions.

Invest Ottawa

Invest Ottawa

The IO Accelerator Program is designed to rapidly and systematically accelerate the development and commercial success of high growth technology firms.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

Polymer Solutions

Polymer Solutions

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center of Vietnam has a central monitoring function and is a technical focal point for monitoring and supporting information security for people, businesses and systems.

Cisco Systems

Cisco Systems

Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected.

Focus on Security

Focus on Security

Focus on Security are Cyber Security recruitment specialists. We’re dedicated to connecting you with the top Cyber Security talent across the globe. We focus on partnerships and results.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.