Move over WannaCry, there’s a new North Korean cyber tool on the prowl: ELECTRICFISH. This new tool hit the news after the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a co-authored report analyzing it. ELECTRICFISH is used by none other than long-time threat group: HIDDEN COBRA, or, Lazarus as you probably know them. ELECTRICFISH is a tunnel malware, which sets up communications between to IP addresses and attempts to keep that line of communication open. While this is not dangerous alone, ELECTRICFISH allows for other malware to be uploaded to an infected device, much like EternalBlue and the other tools that were let into the wild when the ShadowBrokers group set the NSA’s tools free. The DHS warns that System Administrators should check for changes in system settings, which are a telltale sign of ELECTRICFISH’s presence. Lazarus/HIDDEN COBRA’s recent activity may be in response to the US walking away from the negotiating table of the failed nuclear summit. North Korea’s cyber warfare groups are startlingly effective and they’re responsible for keeping finances flowing into the country. Their schemes provide North Korea with access to valuable resources, like currency from outside nations that can be used to purchase goods.
Source: US government releases new report on ELECTRICFISH malware linked to North Korean threat actors
A group of 4 individuals, 3 of them named with the fourth receiving the moniker “John Doe”, have been indicted in the hacking of Anthem and several other large US firms. The hacking group infiltrated the firms and implanted malware that allowed them continued access to the firm’s systems. They used this prolonged access to install further malware, which was used to steal and export a trove of data from the US to China. More than 78 Million individuals had their Personally Identifiable Information (PII) stolen as part of the attack. This information is critical for continued cyber operations, as PII includes details like an individual’s name, DoB, SSN, address, and other pieces that can be used to create fake identities. These crafted ID’s can be used as covers to allow physical operatives into a country, or facilitate online scams. Or, the information can be sold online through an infobroker market and provide an influx of cash.
Source: Members of China-based hacking firms indicted for Anthem breach, among other breaches
Nvidia has issued a warning about vulnerabilities in its hardware drivers, and patches to correct the issues. The vulnerabilities allow a potential attacker the ability to perform a Denial of Service (DoS) attack against a user’s hardware. They can also escalate any infected cards access, which may allow them further access into an infected device. Another exploit allows an attacker to draw out the user’s system information, would set that device up for a very tailored attack that would have a higher chance of succeeding.
Source: Nvidia Warns Windows Gamers on GPU Driver Flaws
Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.