US Releases Malware Linked To N. Korean Hacking Group

Uploaded on 2019-08-19 in INTELLIGENCE--International, FREE TO VIEW

US Cyber Command, a division of the National Security Agency, has released a set of new set of samples of malware that they say are linked to North Korean hackers from the Lazarus Group. The military unit tweeted on Wednesday 14th August saying it had uploaded to VirusTotal, a widely used database for malware and security research.

It’s not the first time the unit has uploaded malware to the server, it has its own Twitter account that tells followers which malware it has uploaded. 

On one hand the disclosure helps security teams fight threats from nation states, but it also gives a rare glimpse inside the nation state-backed hacking groups on which Cyber Command is focused. The uploaded malware sample is named Electric Fish by the US government.

Electric Fish is a tunneling tool designed to exfiltrate data from one system to another over the internet once a backdoor has been placed.

Electric Fish is linked to the APT38 hacking group.
FireEye says APT38 has distinctly different motivations from other North Korean-backed hacking groups like Lazarus, which was blamed for the Sony hack in 2016 and the WannaCry ransomware attack in 2017. APT38 is focused on financial crimes, such as stealing millions of dollars from banks across the world, the cyber-security firm said but, they are probably connected. 

Lazarus is an umbrella name that typically describes hacking activity which advances Pyongyang’s interests. The group is especially known for its financial motivations, such as abusing the Society for Worldwide Interbank Financial Telecommunication (SWIFT) monetary transfer system and for hacking banks, according to Adam Meyers, vice president of intelligence at CrowdStrike.

Electric Fish was first discovered in May, according to Homeland Security’s cybersecurity division CISA, but APT38 has been active for several years.

A recently leaked United Nations report said the North Korean regime has stolen more than $2 billion through dozens of cyber-attacks to fund its various weapons programs. APT38 has amassed more than $100 million in stolen funds since its inception.

USCert:        USCert:        Business Computing:       Techcrunch:

You Might Also Read: 

N. Korea’s Hackers Stole $2b To Fund Its Missile Program:



 

« Attacks On Financial Services Just Keep Going Up
The Global Cyber Skills & Training Shortage »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Information Commissioner's Office (ICO)

Information Commissioner's Office (ICO)

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

PhishLine

PhishLine

PhishLine helps Information Security Professionals meet and overcome the increasing challenges associated with social engineering and phishing.

Verve Industrial Protection

Verve Industrial Protection

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Navarino

Navarino

Navarino is the maritime industry’s most advanced communications and connectivity company. We develop advanced technologies and innovative IT solutions including cyber security.

Cyber Academy

Cyber Academy

Cyber Academy is one of the first institutions in the SE Europe region that provides a hands-on program in cyber security, blockchain and AI.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

SubRosa Cyber Solutions

SubRosa Cyber Solutions

SubRosa Cyber Solutions solves its clients’ most tenacious information security, risk and compliance challenges through a multitude of information technology services and expertise.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

HORNE Cyber

HORNE Cyber

HORNE Cyber's offense-oriented approach to cybersecurity uncovers hidden cyber risk and significantly reduces exposure to security threats.

AMSYS Innovative Solutions

AMSYS Innovative Solutions

AMSYS is a full-service, 24/7/365 IT solutions, Cybersecurity & Managed Service Provider.

Altospam

Altospam

Altospam is a full service corporate email protection, integrating multiple security levels for your emails.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.