North Korea (APT38): The North Korean hacking group, known as APT38, has had its malware uploaded to Virus Total. The US Cyber Command released a tweet stating that they had uploaded the malware, Electric Fish. Electric Fish, which is known to be used by APT38, is a tunneling tool that was created to exfiltrate data from a compromised machine to the attacker through a backdoor that was previously put in place. APT38 is primarily known to only focus on financial crimes and monetary gain for North Korea. Electric Fish was first found in May, but the group has been active for several years.
Analyst Notes
North Korea is always looking for a way to gain money, and APT38 is another tool that they use. With the public release of Electric Fish, APT38 will likely begin to turn to new malware. The group will likely still try to use the old malware as a way to compromise people until everyone is able to detect and block the malware.
