
Electricfish

Posted: May 10, 2019

The Hidden Cobra APT (Advanced Persistent Threat) group has drawn a lot of media attention in the past few years because of its involvement in numerous cyber-attacks against high-profile targets. As malware researchers studied the strategies and tools used by the Hidden Cobra group, they gathered a great deal of information about the various backdoors, RATs, worms, info stealers, and other hacking tools the perpetrators use. One of the most recent additions to the Hidden Cobra arsenal has been identified as ‘ELECTRICFISH’, a small tool meant to tunnel traffic between two systems and so give the attackers a way to potentially bypass certain security controls.

Often, the computers in a major company or institution sit behind a proxy server that, like a firewall, filters incoming and outgoing traffic, which limits the chances that a harmful connection will be established. By installing ELECTRICFISH on the targeted computer, the Hidden Cobra actors may gain the ability to bypass this control and establish a direct connection between the ‘protected’ machine and the attackers' server. While this may not sound like much, combining ELECTRICFISH’s traffic-tunneling feature with, for example, a keylogger may allow the perpetrators to send the captured log files directly to their server. Without the tunnel, that transfer would be blocked by the firewall and the proxy filter the targeted network employs.

It is no surprise that cybercriminals do their best to keep up with the latest security practices and develop the tools needed to get around them. The North Korea-based Hidden Cobra APT is certainly one of the most prominent names in the cybercrime field at the moment, and analyzing its attacks is a good way to learn how to reinforce your own cybersecurity infrastructure.
