North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme

The Lazarus group, a North Korean hacking organization previously linked to criminal activity, has been connected to a new attack scheme to breach systems and steal cryptocurrency from third parties. The campaign, which uses a modified version of an already existing malware product called Applejeus, uses a crypto site and even documents to gain access to systems.


Modified Lazarus Malware Used Crypto Site as Facade

Volexity, a Washington D.C.-based cybersecurity firm, has linked Lazarus, a North Korean hacking group already sanctioned by the U.S. 政府, with a threat involving the use of a crypto site to infect systems in order to steal info and cryptocurrency from third parties.

A blog post issued 12月に. 1 revealed that in June, Lazarus registered a domain called “,” which would be later established as a business offering services of automatic cryptocurrency trading. Using this site as a facade, Lazarus prompted users to download an application that served as a payload to deliver the Applejeus malware, directed to steal private keys and other data from the users’ systems.

The same strategy has been used by Lazarus before. でも, this new scheme uses a technique that allows the application to “confuse and slow down” malware detection tasks.

Document Macros

Volexity also found that the technique to deliver this malware to final users changed in October. The method morphed to use Office documents, specifically a spreadsheet containing macros, a sort of program embedded in the documents designed to install the Applejeus malware in the computer.

The document, identified with the name “OKX Binance & Huobi VIP fee comparision.xls,” displays the benefits that each one of the VIP programs of these exchanges supposedly offers at their different levels. To mitigate this kind of attack, it is recommended to block the execution of macros in documents, and also scrutinize and monitor the creation of new tasks in the OS to be aware of new unidentified tasks running in the background. でも, Veloxity did not inform on the level of reach that this campaign has attained.

Lazarus was formally indicted by the U.S. 司法省 (DOJ) in Feb. 2021, involving an operative of the group linked to a North Korean intelligence organization, the Reconnaissance General Bureau (RGB). Before that, in March 2020, the DOJ indicted two Chinese nationals for aiding in the laundering of more than $100 million in cryptocurrency linked to Lazarus’ exploits.

applejeus, bloxholder, 暗号, データ, 司法省, indicment, indictment, Lazarus, Malware, payload, 盗難, volexity

What do you think about Lazarus’ latest cryptocurrency malware campaign? 以下のコメントセクションで教えてください.


セルジオはベネズエラを拠点とする暗号通貨ジャーナリストです. 彼は自分自身をゲームに遅刻したと説明しています, 12月に価格が上昇したときに暗号圏に参入 2017. コンピュータ工学のバックグラウンドを持つ, ベネズエラ在住, 社会レベルでの暗号通貨ブームの影響を受けている, 彼は、仮想通貨の成功と、それが銀行口座を持たず、十分なサービスを受けていない人々をどのように助けるかについて、異なる視点を提供します.

画像クレジット: シャッターストック, Pixabay, ウィキ・コモンズ

免責事項: この記事は情報提供のみを目的としています. 売買の申し出の直接的な申し出または勧誘ではありません, または製品の推奨または保証, サービス, または企業. 投資を提供しない, 税, 法的, または会計アドバイス. 会社も著者も責任を負いません, 直接的または間接的に, コンテンツの使用または依存によって、またはそれに関連して引き起こされた、または引き起こされたと主張されている損害または損失について, この記事で言及されている商品またはサービス.

読んだ 免責事項