U.S. Cyber Command has uploaded a sample of malware that is associated with a North Korean advanced persistent threat group and designed to perform data exfiltration through a backdoor, TechCrunch reported Friday.
Cybercom posted the “Electric Fish” tunneling virus to VirusTotal, an online database built for security research purposes. The upload offers insight into cybersecurity threats from nation-state hackers, the report said. The Department of Homeland Security and the FBI determined in May that North Korea uses the malware, which is linked to the APT38 hacking group.
Security company FireEye said in October it found that APT38, which primarily targets financial institutions, could stay within a target’s network for an average of 155 days. The financial-crime group has conducted operations against more than 16 organizations worldwide, FireEye noted.