Cyber Command posts code from Electric Fish tunneling malware
U.S. Cyber Command posted the code for the recently discovered tunneling malware called Electric Fish to VirusTotal.

The move is part of Cyber Command’s ongoing effort to fight nation-state cyberattacks. The U.S. government specifically believes Electric Fish, which was first uncovered in May 2019, was developed by the North Korean government to steal money.

Electric Fish is described by US CERT as, “A
command-line utility and its primary purpose is to tunnel traffic between two
IP addresses. The application accepts command-line arguments allowing it to be
configured with a destination IP address and port, a source IP address and
port, a proxy IP address and port, and a user name and password, which can be
utilized to authenticate with a proxy server. It will attempt to establish TCP
sessions with the source IP address and the destination IP address. If a
connection is made to both the source and destination IPs, this malicious
utility will implement a custom protocol, which will allow traffic to rapidly
and efficiently be tunneled between two machines. If necessary, the malware can
authenticate with a proxy to be able to reach the destination IP address. A
configured proxy server is not required for this utility.”
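
A hunting heuristic built on the behaviour US CERT describes, added here as an example and not taken from the article, US CERT or Cyber Command: it flags process command lines that configure two or more distinct IP-and-port endpoints (source and destination, optionally a proxy). The argument layout, label names and sample records are assumptions constructed for illustration, since the article does not give the utility's actual argument syntax.

```python
import ipaddress
import re

# An IPv4 address followed by a port, written either "IP:port" or "IP port".
ENDPOINT = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?::|\s+)(\d{1,5})(?![\d.])")

def endpoints(cmdline):
    """Return the distinct, valid (ip, port) pairs present in a command line."""
    found = set()
    for ip, port in ENDPOINT.findall(cmdline):
        try:
            ipaddress.IPv4Address(ip)  # rejects octets above 255
        except ValueError:
            continue
        if 0 < int(port) <= 65535:
            found.add((ip, int(port)))
    return found

def classify(cmdline):
    """Label a command line by how many distinct endpoint hosts it configures."""
    hosts = {ip for ip, _ in endpoints(cmdline)}
    if len(hosts) >= 3:
        return "relay-with-proxy"  # source + destination + proxy
    if len(hosts) == 2:
        return "relay"             # source + destination
    return None                    # single-host or no-endpoint usage

def triage(events):
    """Return (host, image, label) for every event worth an analyst's look."""
    hits = []
    for host, image, cmdline in events:
        label = classify(cmdline)
        if label:
            hits.append((host, image, label))
    return hits

# Constructed process-creation records: (host, image path, command line).
SAMPLE_EVENTS = [
    ("ws-014", r"C:\Users\Public\svc.exe", "svc.exe 10.20.1.15 3389 203.0.113.40 443"),
    ("ws-022", r"C:\ProgramData\upd.exe",
     "upd.exe 10.20.1.15:445 203.0.113.40:443 198.51.100.7:8080 user1 Passw0rd"),
    ("ws-031", r"C:\Windows\System32\ping.exe", "ping.exe -n 4 10.20.1.1"),
    ("ws-031", r"C:\Windows\System32\netsh.exe",
     "netsh interface ip set address name=eth0 static 10.20.1.9 255.255.255.0 10.20.1.1"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(*hit, sep="  ")
```

Legitimate port forwarders and proxy clients match the same shape, so hits are leads for review alongside the image path and parent process, not verdicts.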