The Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), has published a detailed analysis of a new malware called ELECTRICFISH. The report mainly sheds light on the functionality of the malware. It also lists the malware’s size, its MD5 and SHA1 hashes, and other details discovered during the analysis.
ELECTRICFISH is said to be a tunneling tool used by the infamous HIDDEN COBRA group. This group is affiliated with the North Korean government.
Details of the malware
Security researcher Darien Huss of Proofpoint noted that the new sample highlighted in the report was distinct from the three samples found in 2018, all of which were uploaded to VirusTotal. In fact, other instances of ELECTRICFISH were also seen prior to the publication of the DHS report.
In the report, DHS has also suggested measures to prevent attacks from ELECTRICFISH. It has mainly advised system administrators to review any configuration changes that occur in their computer network.