A hacking group believed to be from North Korea is reportedly stepping up its game to continue its cryptocurrency-stealing campaigns.
In a report published yesterday, security researchers from Kaspersky say they found evidence to suggest Lazarus has made significant changes to its attack methodology.
According to Kaspersky, the hacking group is taking “more careful steps” and is using “improved techniques and procedures” to steal cryptocurrency.
In other words, Lazarus has adjusted the way it infects a system, stays undetected, and illicitly obtains cryptocurrency from compromised machines and victims. To go undetected, Lazarus’ malware executes in memory rather than being run from hard disk drives.
Researchers say Lazarus is now using the messaging app Telegram — popular within the cryptocurrency community — as one of its key attack vectors.
Security researchers have dubbed the new wave of tactics “Operation AppleJeus Sequel,” an evolution of the AppleJeus campaign that was uncovered back in 2018 and ran throughout 2019.
As with earlier campaigns, Kaspersky says fake cryptocurrency trading companies are used to lure in victims. The fake companies have websites complete with links to equally fake Telegram trading groups.
In one instance, a Windows system was infected by a malicious payload delivered to the machine through Telegram messenger. The user downloaded the payload themselves through the app; Telegram itself wasn’t compromised.
Once infected, attackers can gain remote access to control the compromised machine and further their attacks. Lazarus almost always goes after cryptocurrency.
During its research, Kaspersky found a number of these fake cryptocurrency trading websites. It believes they were made using free web templates.
As can be seen in the image below, one of the fake sites had an active link to a Telegram group. While Kaspersky has only recently uncovered that Telegram was used to deliver a Lazarus payload, the group itself was created way back in December 2018.
The researchers say they’ve identified several victims, based in the UK, Poland, Russia, and China. Several of these victims were confirmed to be cryptocurrency businesses.
The value of cryptocurrency or other funds Lazarus managed to obtain in this campaign wasn’t mentioned.
According to a UN report published last August, North Korean hackers were thought to have stolen $2 billion by hacking foreign financial institutions and cryptocurrency exchanges.
With the latest wave of updates to its campaign, it doesn’t look like Lazarus will ease up on its attempts.
Update, January 10, 2020, 12:35 UTC: The piece has been amended to reinforce that Telegram itself wasn’t compromised. The infected files were downloaded by victims from malicious links shared in the app.
Published January 9, 2020 — 09:33 UTC