US Releases Malware Linked To N. Korean Hacking Group

US Cyber Command, a division of the National Security Agency, has released a new set of malware samples that it says are linked to North Korean hackers from the Lazarus Group. The military unit tweeted on Wednesday 14th August saying it had uploaded the samples to VirusTotal, a widely used database for malware and security research.

It’s not the first time the unit has uploaded malware to the server; it has its own Twitter account that tells followers which malware it has uploaded.

On one hand the disclosure helps security teams fight threats from nation states, but it also gives a rare glimpse inside the nation state-backed hacking groups on which Cyber Command is focused. The uploaded malware sample is named Electric Fish by the US government.

Electric Fish is a tunneling tool designed to exfiltrate data from one system to another over the internet once a backdoor has been placed.

Electric Fish is linked to the APT38 hacking group.
FireEye says APT38 has distinctly different motivations from other North Korean-backed hacking groups like Lazarus, which was blamed for the Sony hack in 2016 and the WannaCry ransomware attack in 2017. APT38 is focused on financial crimes, such as stealing millions of dollars from banks across the world, the cyber-security firm said, but they are probably connected.

Lazarus is an umbrella name that typically describes hacking activity which advances Pyongyang’s interests. The group is especially known for its financial motivations, such as abusing the Society for Worldwide Interbank Financial Telecommunication (SWIFT) monetary transfer system and for hacking banks, according to Adam Meyers, vice president of intelligence at CrowdStrike.

Electric Fish was first discovered in May, according to Homeland Security’s cybersecurity division CISA, but APT38 has been active for several years.

A recently leaked United Nations report said the North Korean regime has stolen more than $2 billion through dozens of cyber-attacks to fund its various weapons programs. APT38 has amassed more than $100 million in stolen funds since its inception.
