North Korean hackers ramp up cryptocurrency stealing during pandemic

Lazarus, the hacking group who were responsible for the 2014 Sony Pictures and 2016 Bangladesh Bank cyber heists, are now being implicated in the latest attacks from North Korea.

According to a press release from ESTsecurity, a cyber security company located in Seoul, South Korea, the group had begun targeting cryptocurrency firms.

The release said: “The APT (adaptive persistent threats) hacking group Lazarus, which is allegedly sponsored by a certain government [North Korea], is increasingly engaging in cybercrime activities in and out of South Korea.

“Lazarus is carrying out APT attacks not only in South Korea but also in the international sphere, including the United States.

“They are also engaging in cyber-espionage operations as well as activities designed to generate foreign currency.”

The security company warned that these attacks could lead to financial damage.

The press release also went on to explain: “Malicious emails used in these attacks mention companies that provide electronic payment services.

“The hackers attached malicious files disguised as blockchain software development contracts from those payment companies and induced the targets into opening them.”

ESTsecurity’s report explained these attacks use “spear phishing,” where a scammer baits victims using information specific to their interests after obtaining detailed information on them.

According to the “National Strategy for Combating Terrorist and Other Illicit Financing 2020” report released by the US Treasury Department in February, from 2017 to 2018, Lazarus was among three North Korean hacking groups that managed to steal USD 571 million in cryptocurrency from five exchanges in Asia.

Analysts say that stealing cryptocurrency could bring enormous profits to a country now completely isolated from the rest of the world following the closure of the Sino-North Korean border in late January due to the COVID-19 pandemic.

Security experts are emphasising that joint countermeasures should be taken against North Korean cyber attacks, which are connected to other North Korean espionage groups such as Kimsuky, Kony, and Gumsong 121.



It comes as US cybersecurity officials have published details about three malware strains that have been used by North Korea’s government-sponsored hackers to attack targets all over the world.

The announcement coincided with the three-year anniversary of the WannaCry ransomware outbreak, which US officials have formally blamed on the Pyongyang regime, even going as far as to press charges against one of the hackers.

They included Copperhedge, which is a remote access trojan (RAT) capable of running arbitrary commands, performing system reconnaissance, and exfiltrating data, with six different variants identified.

Taintedscribe and Pebbledash are malware implants (trojans) that are installed on hacked systems to receive and execute the attacker’s commands.

It also follows increased pressure from economic sanctions imposed on North Korea by the United Nations, the European Union and the U.S. over nuclear arms and military concerns, against the backdrop of fresh coronavirus cases being reported on the peninsula.

The increased attempts at cryptocurrency theft come amid fresh news reports of a potential “second wave” in South Korea on Monday.

There have been 34 new cases of the deadly virus, the highest daily number in a month, as reported by Seven News Australia.

Figures remain unclear in highly secretive North Korea.

However, the total number of cases in the south has reached over 10,900, with 256 deaths in total, according to Worldometer.
