US Cyber Command uploaded DPRK hackers' tool to VirusTotal
U.S. Cyber Command has published several samples of the malware used by North Korean government hackers.
All samples were uploaded to VirusTotal, a popular service for file analysis. Cyber Command announced the publication of the malware samples via Twitter. The samples themselves can be found here and here.
The uploaded malware was named Electric Fish by the US government. The tool was designed to extract data from one system and transfer it to another system.
“Electric Fish is a tunneling tool designed to exfiltrate data from one system to another over the internet once a backdoor has been placed,” U.S. Cyber Command reported.
Electric Fish is associated with the activities of the government-backed cybercriminal group APT38.
“APT38 has distinctly different motivations from other North Korean-backed hacking groups like Lazarus, which was blamed for the Sony hack in 2016 and the WannaCry ransomware attack in 2017. APT38 is focused on financial crimes, such as stealing millions of dollars from banks across the world,” the cybersecurity firm FireEye said.
Electric Fish was first discovered in May. US Cyber Command believes that making it publicly available will help specialists study the tool and develop a defense strategy.
A recent United Nations report says the North Korean regime stole more than $2 billion through dozens of cyber attacks to fund its various weapons programs.
U.S. Cyber Command is the sister division of the National Security Agency, focused on offensive hacking and security operations.