Kaspersky Lab: Cryptocurrencies Remain Under Attack By Constant Threat of Lazarus’s New Tactics
Lazarus, a cybercrime group tied to North Korea, is well known for its consistent attacks, which have been reported by multiple cybersecurity companies. Many of its recent attacks have involved the crypto industry, even though many platforms have recently increased their cybersecurity measures to protect themselves. That has not seemed to slow Lazarus at all: according to Kaspersky Labs, the group has continued to adopt new measures to infiltrate these exchanges.
Kaspersky Labs released a report on March 26th stating that the hacker group has been working on new operations since November last year, using PowerShell to handle the malware it uses against Windows and macOS systems. Reports indicate that the group has already created PowerShell-based scripts with the ability to interact with malicious C2 servers. In turn, they can force the servers to follow through with certain commands.
The script names on the C2 server are disguised to look like WordPress files and files from open source projects. Once a malware control session with the server is established, it is easy for the attackers to download and upload files. They can also update the configuration of the malware while collecting information from the host.
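One way a defender could hunt for the pattern described above, as an added example that is not taken from Kaspersky's report or from this article: flag hosts where a PowerShell client talks to WordPress-looking URLs and total up what it sent and received. The log format, the path pattern, the sample lines and the reliance on PowerShell's default user agent are all assumptions made for the illustration.

```python
import re
import shlex
from collections import defaultdict
from urllib.parse import urlsplit

# Paths that imitate a WordPress installation (assumed heuristic, not an IoC list).
WP_PATH = re.compile(r"/wp-(?:content|includes|admin)/|/wp-[\w-]+\.php$", re.I)
# Default user agents of Windows PowerShell and PowerShell 6+ both contain "PowerShell/".
# A script that sets its own user agent will not match; this is a first-pass filter only.
PS_AGENT = re.compile(r"PowerShell/", re.I)

# Constructed proxy log: time, client, method, URL, bytes sent, bytes received, user agent.
SAMPLE_LOG = """\
2019-03-26T09:00:01 10.0.0.5 GET http://blog.example.com/wp-content/themes/a/style.css 0 5120 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/73.0"
2019-03-26T09:00:07 10.0.0.9 POST http://shop.example.net/wp-includes/feed.php 48213 310 "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17763.316"
2019-03-26T09:05:07 10.0.0.9 GET http://shop.example.net/wp-includes/feed.php 120 90544 "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17763.316"
2019-03-26T09:06:00 10.0.0.7 GET http://pkgs.example.org/api/v2/package/tool 0 20480 "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17763.316"
"""


def find_suspects(log_text):
    """Return {(client, host): totals} for PowerShell traffic to WordPress-looking paths."""
    hits = defaultdict(lambda: {"requests": 0, "sent": 0, "received": 0})
    for line in log_text.splitlines():
        try:
            fields = shlex.split(line)  # keeps the quoted user agent as one field
        except ValueError:
            continue  # unbalanced quotes: treat as malformed
        if len(fields) != 7 or not (fields[4].isdigit() and fields[5].isdigit()):
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, url, sent, received, agent = fields
        parts = urlsplit(url)
        # A browser fetching WordPress assets is normal; PowerShell doing it is worth a look.
        if PS_AGENT.search(agent) and WP_PATH.search(parts.path):
            entry = hits[(client, parts.hostname)]
            entry["requests"] += 1
            entry["sent"] += int(sent)          # upload volume
            entry["received"] += int(received)  # download volume
    return dict(hits)


if __name__ == "__main__":
    for (client, host), totals in find_suspects(SAMPLE_LOG).items():
        print(client, host, totals)
```
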
Based on the information made available by Kaspersky Labs, it looks like the hackers are still going after companies in the crypto and fintech industries, leading the company to warn consumers. Its report addresses anyone who runs a business in the crypto industry, saying that they need to “exercise extra caution” in all of their interactions involving new third parties and the installation of new software. The report further warns against choosing to “enable content” whenever a Microsoft Office document arrives from a new source or from one that has yet to be trusted.
From 2017 to 2018, Lazarus was allegedly responsible for about $571 million of the total $882 million in crypto that was stolen from exchanges, which accounts for about 65% of the total losses. Of 14 major crypto exchange breaches, Lazarus is believed to have been responsible for five.
In March of this year, it was reported that North Korea had already accrued a total of $670 million in a combination of fiat currency and cryptocurrency through hacking. The news media outlet added that it looks like these hackers had primarily attacked overseas financial institutions from 2015 to 2018. Blockchain technology made it possible for the hackers to cover up the actions that they were taking.