A hacking group believed to be from North Korea is reportedly stepping up its game to continue its cryptocurrency-stealing campaigns.
In a statement published yesterday, security researchers from Kaspersky say they found evidence to suggest Lazarus has made significant changes to its attack methodology.
According to Kaspersky, the hacking group is taking "more careful steps" and is using "improved tactics and procedures" to steal cryptocurrency.
In other words, Lazarus has adjusted the way it infects a system, stays undetected, and illicitly obtains cryptocurrency from compromised machines and victims. To go undetected, Lazarus' malware executes in memory rather than being run from hard disk drives, which leaves fewer artifacts on disk for file-based antivirus scanning to find and pushes detection towards memory scanning and behavioural telemetry instead.
Researchers say Lazarus is now using the messaging app Telegram, which is popular in the cryptocurrency community, as one of its key attack vectors.
Security researchers have dubbed the new wave of tactics "Operation AppleJeus Sequel," an evolution of the AppleJeus campaign that was uncovered back in 2018 and ran throughout 2019.
As with previous campaigns, Kaspersky says fake cryptocurrency trading companies are used to lure in victims. The fake companies have websites complete with links to equally fake Telegram trading groups.
In one instance, a Windows system was infected by a malicious payload delivered to the system through Telegram messenger. The user downloaded the payload themselves through the app; Telegram itself wasn't compromised.
Once a system is infected, the attackers can gain remote access to control the compromised machine and further their attacks. Lazarus almost always goes after cryptocurrency.
During its research, Kaspersky found a number of these fake cryptocurrency trading websites. It believes they were made using free web templates.
As can be seen in the image below, one of the fake sites had an active link to a Telegram group. While Kaspersky has only recently discovered that Telegram was used to deliver a Lazarus payload, the group itself was created way back in December 2018.
The researchers say they've identified several victims, based in the UK, Poland, Russia, and China. Several of these victims were confirmed to be cryptocurrency businesses.
The value of cryptocurrency or other funds Lazarus managed to obtain in this campaign wasn't mentioned.
According to a UN report published last August, North Korean hackers were thought to have stolen $2 billion by hacking foreign financial institutions and cryptocurrency exchanges.
With the latest wave of updates to its campaign, it doesn't look like Lazarus will ease up on its attempts.
Update, January 10, 2020, 1235 UTC: The piece has been amended to emphasize that Telegram itself wasn't compromised. The infected files were downloaded by victims from malicious links shared within the app.
Published January 9, 2020 — 09:33 UTC