Kaspersky Lab, an antivirus and cybersecurity company, said in a report published on March 26 that the Lazarus hacking group is continuing to target cryptocurrency businesses and is adopting new tactics in its attempts to breach them.
Lazarus is believed to be backed by North Korea. According to the report, the apparently state-sponsored group has been actively working on a new operation since November 2018, using PowerShell to manage and control malware on both Windows and macOS. The group's developers created custom PowerShell scripts that communicate with malicious command-and-control (C2) servers and run commands issued by the operator.
The C2 server scripts are mostly named to pass as WordPress files or files from other open-source projects. Once a malware control session with the server is established, the malware can download and upload files, update its own configuration, and collect basic information about the host, among other capabilities.
Lazarus adopting new tools is hardly news to anyone who follows cyber threat intelligence; the APT group targets financial organizations, mostly cryptocurrency exchanges. Financial gain is one of the group's main objectives, and the report notes that Lazarus constantly adopts new tactics, techniques, and procedures to evade detection.
Kaspersky says that Lazarus is still focused on systems at cryptocurrency and fintech firms, and recommends that these industries remain alert and exercise caution.
Kaspersky advises that anyone working at a cryptocurrency or technology startup should proceed with extra caution, especially when dealing with third parties or installing software, and should never enable content in Microsoft Office documents received from new or unknown sources.
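One way to enforce the last recommendation on a Windows endpoint, and to make PowerShell-based C2 scripts like those described above leave a record, as an added example that is not part of the Kaspersky report: the script below blocks macros in Office documents that arrived from the internet and turns on PowerShell script-block and module logging. It assumes Office 2016 or later (policy keys under the `16.0` path), an elevated session, and that the registry keys and event IDs named are those of a standard Windows 10 installation.

```powershell
# Added hardening example (not from the Kaspersky report). Run in an elevated PowerShell
# session; assumes Office 2016/2019/365, whose policy keys live under the "16.0" path.

$officeApps = @('Word', 'Excel', 'PowerPoint')
foreach ($app in $officeApps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $key -Force | Out-Null
    # 1 = block macros in any document that carries the Mark-of-the-Web (downloaded or
    #     e-mailed files), so the "Enable Content" button never appears for such files.
    Set-ItemProperty -Path $key -Name 'BlockContentExecutionFromInternet' -Value 1 -Type DWord
    # 3 = disable all macros except digitally signed ones (4 would disable all silently).
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 3 -Type DWord
}

# PowerShell script block logging writes the text of every executed script block,
# including de-obfuscated stages, to Microsoft-Windows-PowerShell/Operational as event 4104.
$psPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
New-Item -Path "$psPolicy\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$psPolicy\ScriptBlockLogging" -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# Module logging (event 4103) adds pipeline details for every module ('*' = all modules).
New-Item -Path "$psPolicy\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$psPolicy\ModuleLogging" -Name 'EnableModuleLogging' -Value 1 -Type DWord
Set-ItemProperty -Path "$psPolicy\ModuleLogging\ModuleNames" -Name '*' -Value '*' -Type String

# Read the settings back so the change can be verified (or audited by a config-management tool).
foreach ($app in $officeApps) {
    Get-ItemProperty "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" |
        Select-Object @{ n = 'App'; e = { $app } }, VBAWarnings, BlockContentExecutionFromInternet
}
Get-ItemProperty "$psPolicy\ScriptBlockLogging" | Select-Object EnableScriptBlockLogging

# Triage helper: recent 4104 events whose script block fetches or evaluates remote content,
# the kind of activity a PowerShell C2 agent as described above would generate.
$suspect = 'Net\.WebClient|Invoke-WebRequest|DownloadString|Invoke-Expression|FromBase64String'
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
             -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $suspect } |
    Select-Object TimeCreated, @{ n = 'Snippet'; e = { $_.Message.Substring(0, [Math]::Min(120, $_.Message.Length)) } }
```

The triage query only returns events recorded after logging is enabled, so run it again after some time has passed or forward the 4104 events to a SIEM for ongoing review.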
A separate report from December 2018 noted that cryptocurrency exchanges are continuously improving their security measures, and that since April 2018 more than 30 people have been vulnerable to attacks by the North Korean Lazarus hackers.
A large share of last year's cryptocurrency-related security breaches was carried out by the Lazarus group; it may be raising funds to help the state cope with international sanctions.
Lazarus is the only hacking group backed by North Korea and is responsible for half of the exchange hacks since 2017. Earlier reports say Lazarus stole 571 million dollars of the 882 million dollars taken from online exchanges between 2017 and 2018, almost 65 percent of the total. Of 14 individual exchange breaches, 5 were carried out by Lazarus, including the record-breaking NEM hack at Japan's Coincheck, worth around 532 million dollars.