
Electricfish

By GoldSparrow in Malware

The North Korean hacker group known as Lazarus (also tracked as Hidden Cobra) has made it into the news again. Security researchers classify the group as an APT (Advanced Persistent Threat), and with reason: Lazarus is believed to operate on behalf of the North Korean government on projects linked to espionage, and its targets are typically large companies and government institutions, many of them in the region but not exclusively so. The group maintains a large arsenal of hacking tools that can cause serious trouble for its victims. One of them, detected recently, is a small utility called ELECTRICFISH. Its purpose is to tunnel traffic between an infiltrated system and an attacker-controlled server, creating a communication channel that lets the attackers sidestep some commonly used traffic-filtering measures.

Large organizations usually take their cybersecurity more seriously and route outbound traffic through a proxy server that filters what passes the firewall, which makes it harder for harmful activity to reach the network. ELECTRICFISH is built to get around this control. According to the DHS/FBI malware analysis report published in May 2019, it implements a custom protocol that funnels traffic between a source and a destination address, and it can be configured with a proxy server, port, username and password, so its tunnel can pass through an authenticated proxy while the proxy's content filtering sees only the tunnel. Combined with other tools, such an unfiltered channel lets the attackers exfiltrate data from the infected system without having to worry about the firewall's filter settings. It is likely that Lazarus will pair ELECTRICFISH with another tool from its ensemble to weaponize it fully. For example, ELECTRICFISH could pave the way for a RAT (Remote Access Trojan) to reach the targeted servers, after which the attackers would use the RAT to access and collect sensitive data. For defenders, the practical check is the mirror image of the technique: a server that should only ever reach the internet through the proxy, yet opens its own outbound connections, is worth investigating regardless of what the proxy logs show.
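The following script is an added example, not code from the original article or from any analysis of ELECTRICFISH itself. It shows the kind of detection logic a defender would run over firewall logs to catch a tunnel that bypasses the egress proxy: any allowed outbound TCP connection from an internal host to a non-internal address that is not the proxy is flagged. The proxy address (10.0.0.5:3128), the internal ranges and the log lines are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed environment (hypothetical values): the only sanctioned egress path is
# the proxy below, and everything in these ranges is considered internal.
PROXY = ("10.0.0.5", 3128)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample firewall log (not real data).
# Fields: timestamp,src_ip,dst_ip,dst_port,protocol,action
SAMPLE_LOG = """\
2019-05-09T10:01:02Z,10.0.1.20,10.0.0.5,3128,tcp,allow
2019-05-09T10:01:05Z,10.0.1.20,203.0.113.7,443,tcp,allow
2019-05-09T10:02:11Z,10.0.1.21,10.0.0.5,3128,tcp,allow
2019-05-09T10:03:40Z,10.0.1.22,198.51.100.9,8080,tcp,allow
2019-05-09T10:04:00Z,10.0.1.22,198.51.100.9,8080,tcp,deny
2019-05-09T10:05:00Z,10.0.1.23,192.168.2.40,445,tcp,allow
"""


@dataclass(frozen=True)
class Event:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    action: str


def parse_log(text):
    """Parse the comma-separated log format above into Event records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, action = line.split(",")
        events.append(Event(ts, src, dst, int(dport), proto, action))
    return events


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def is_direct_egress(ev, proxy=PROXY):
    """True if an internal host successfully connected outbound without the proxy."""
    if ev.action != "allow" or ev.proto != "tcp":
        return False                       # denied attempts are noise here
    if not is_internal(ev.src):
        return False                       # only our own hosts are in scope
    if is_internal(ev.dst):
        return False                       # east-west traffic is not egress
    if (ev.dst, ev.dport) == proxy:
        return False                       # sanctioned path
    return True


def find_direct_egress(events):
    """Return the events that bypass the proxy, in log order."""
    return [ev for ev in events if is_direct_egress(ev)]


def hosts_bypassing_proxy(events):
    """Map each offending internal host to the set of (dst, port) it reached."""
    summary = {}
    for ev in find_direct_egress(events):
        summary.setdefault(ev.src, set()).add((ev.dst, ev.dport))
    return summary


if __name__ == "__main__":
    for host, targets in hosts_bypassing_proxy(parse_log(SAMPLE_LOG)).items():
        print(f"{host} bypassed the proxy to reach: {sorted(targets)}")
```

In practice the proxy-bypass rule is only a starting point; a tunnel such as the one ELECTRICFISH provides will also show up as a long-lived, bidirectional connection to a single external address, so pairing this check with connection-duration and byte-count thresholds from the same logs cuts down false positives from hosts that were simply misconfigured.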

Lazarus is a very threatening group, especially with the North Korean government funding and backing it. Government institutions and large corporations, particularly in neighboring countries, should keep in mind that this state-backed group could come after their data at any time.
