Nordkoreanska Lazarus Group kopplad till ett nytt hackningsschema för kryptovaluta

The Lazarus group, a North Korean hacking organization previously linked to criminal activity, has been connected to a new attack scheme to breach systems and steal cryptocurrency from third parties. The campaign, which uses a modified version of an already existing malware product called Applejeus, uses a crypto site and even documents to gain access to systems.

Modified Lazarus Malware Used Crypto Site as Facade

Volexity, a Washington D.C.-based cybersecurity firm, has linked Lazarus, a North Korean hacking group already sanctioned by the U.S. regering, with a threat involving the use of a crypto site to infect systems in order to steal info and cryptocurrency from third parties.

A blog post utfärdad on Dec. 1 revealed that in June, Lazarus registered a domain called “bloxholder.com,” which would be later established as a business offering services of automatic cryptocurrency trading. Using this site as a facade, Lazarus prompted users to download an application that served as a payload to deliver the Applejeus malware, directed to steal private keys and other data from the users’ systems.

The same strategy has been used by Lazarus before. i alla fall, this new scheme uses a technique that allows the application to “confuse and slow down” malware detection tasks.

Document Macros

Volexity also found that the technique to deliver this malware to final users changed in October. The method morphed to use Office documents, specifically a spreadsheet containing macros, a sort of program embedded in the documents designed to install the Applejeus malware in the computer.

Se även  Europeiska bankmyndigheten oroar sig för att anställa talang för att övervaka kryptoutrymme

Dokumentet, identified with the name “OKX Binance & Huobi VIP fee comparision.xls,” displays the benefits that each one of the VIP programs of these exchanges supposedly offers at their different levels. To mitigate this kind of attack, it is recommended to block the execution of macros in documents, and also scrutinize and monitor the creation of new tasks in the OS to be aware of new unidentified tasks running in the background. i alla fall, Veloxity did not inform on the level of reach that this campaign has attained.

Lazarus was formally indicted by the U.S. justitiedepartementet (DOJ) in Feb. 2021, involving an operative of the group linked to a North Korean intelligence organization, the Reconnaissance General Bureau (RGB). Before that, i mars 2020, the DOJ indicted two Chinese nationals for aiding in the laundering of more than $100 million in cryptocurrency linked to Lazarus’ exploits.

Taggar i denna berättelse
applejeus, bloxholder, Krypto, data, department of justice, indicment, indictment, Lazarus, Malware, payload, Stöld, volexity

What do you think about Lazarus’ latest cryptocurrency malware campaign? Berätta för oss i kommentarsfältet nedan.

Sergio Goschenko

Sergio är en kryptovalutajournalist baserad i Venezuela. Han beskriver sig själv som sen till matchen, in i kryptosfären när prisuppgången skedde under december 2017. Har en bakgrund inom datateknik, bor i Venezuela, och påverkas av kryptovalutaboomen på social nivå, han erbjuder en annan syn på kryptoframgång och hur det hjälper dem som saknar bank och som är underbetjänade.

Bildkrediter: Shutterstock, Pixabay, Wiki Commons

varning: Den här artikeln är endast i informationssyfte. Det är inte ett direkt erbjudande eller uppmaning till ett erbjudande att köpa eller sälja, eller en rekommendation eller rekommendation av någon produkt, tjänster, eller företag. Bitcoin-Tidings.com ger inte investeringar, beskatta, Rättslig, eller redovisningsrådgivning. Varken företaget eller författaren ansvarar, direkt eller indirekt, för alla skador eller förluster som orsakas eller påstås vara orsakade av eller i samband med användningen av eller tilliten till något innehåll, varor eller tjänster som nämns i denna artikel.

Se även  S&P Global Ratings Study förutspår att krypto och decentraliserad finans kommer att fortsätta växa in 2022.

Läsa varning