North Korean government using ElectricFish hacking tool, claims U.S.
The DHS, together with the FBI, has issued a warning about a new malware strain being used by Hidden Cobra, the North Korean government's hacking crew. Hidden Cobra is also known by the name Lazarus. The new strain works as a tool for covertly funneling traffic out of infected Windows computers.
Government officials have dubbed the malware ElectricFish, the most recent tool in North Korea's hacking scheme. The public alert about the new malicious software comes from the United States Cyber Emergency Response Team.
ElectricFish captures data from the computer network it targets by evading a server's security protocols. The evasion works by supplying a username and password combination. This feature reportedly allows a connection to a system through a proxy server, which lets the attacker bypass the infected computer's required authentication in order to reach outside the network. Proxy servers act as the gateway between an end user and the Internet, and they provide a web filter and firewall as protection against threats lurking on the Net.
US-CERT observes that ElectricFish tries to create TCP sessions with a destination IP address as well as a source IP address. Once a connection is established with both IPs, the malicious service implements a custom protocol that lets traffic be funneled quickly and efficiently between the two systems. If needed, the malware can also authenticate with a proxy in order to reach the destination IP address. A properly configured proxy server is not required for this service, states US-CERT's report. www.cso.com.au posted this, May 10, 2019.
US-CERT has been releasing reports about Hidden Cobra since no later than May 2017. Previously, the North Korean hackers reportedly used several hacking methods and tools, notably Trojans crafted to trick unsuspecting end users, along with distributed denial-of-service attacks or botnets that took down web servers and websites.
In October 2018, the agency gave a thorough description of FastCash, malware that attacks payment switch servers installed at banks in Asian and African countries in order to fraudulently withdraw money from ATMs. The gang stole several million dollars using FastCash, the malicious program that Symantec eventually identified.
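The two-session behaviour described above (one process holding a session to each side and passing traffic between them) can be hunted for in per-process flow records. The following is an added example, not code from US-CERT or from the original article: the record layout, host names, addresses, internal range and thresholds are all constructed assumptions.

```python
from collections import defaultdict, namedtuple
from ipaddress import ip_address, ip_network

Flow = namedtuple("Flow", "host pid remote start end sent received")
INTERNAL = ip_network("10.20.0.0/16")  # assumed internal address range

# Constructed flow records (times in seconds), not data from the US-CERT report.
FLOWS = [
    Flow("ws-014", 4120, "10.20.3.7", 100, 940, 1_300, 8_400_000),
    Flow("ws-014", 4120, "203.0.113.50", 102, 938, 8_410_000, 1_350),
    Flow("ws-014", 880, "198.51.100.9", 50, 60, 900, 52_000),
    Flow("ws-022", 3012, "10.20.3.7", 200, 260, 4_000, 90_000),
    Flow("ws-022", 3012, "10.20.9.1", 205, 250, 90_500, 3_900),
    Flow("ws-031", 1500, "10.20.3.7", 300, 400, 500, 2_000_000),
    Flow("ws-031", 1500, "203.0.113.77", 500, 600, 2_000_000, 400),
]

def is_internal(ip):
    return ip_address(ip) in INTERNAL

def mirrored(x, y, tol=0.05, slack=512):
    """True when two byte counts match within tol or a small absolute slack."""
    return abs(x - y) <= max(slack, tol * max(x, y))

def find_relays(flows, min_bytes=100_000, min_overlap_s=30):
    """Return (host, pid, internal_ip, external_ip) for processes that appear
    to pass traffic between an internal and an external TCP session."""
    by_proc = defaultdict(list)
    for f in flows:
        by_proc[(f.host, f.pid)].append(f)
    hits = []
    for (host, pid), sessions in by_proc.items():
        inside = [f for f in sessions if is_internal(f.remote)]
        outside = [f for f in sessions if not is_internal(f.remote)]
        for a in inside:
            for b in outside:
                overlap = min(a.end, b.end) - max(a.start, b.start)
                if overlap < min_overlap_s:
                    continue  # sessions were not open at the same time
                volume = max(a.sent, a.received)
                # What arrives on one session should leave on the other.
                if (volume >= min_bytes and mirrored(a.received, b.sent)
                        and mirrored(a.sent, b.received)):
                    hits.append((host, pid, a.remote, b.remote))
    return hits

if __name__ == "__main__":
    for hit in find_relays(FLOWS):
        print("possible relay:", hit)
```

Legitimate proxies, VPN clients and backup agents produce the same pattern, so hits need to be filtered against an allow-list of expected relay processes before triage.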
» SPAMfighter News - 5/16/2019