Kaspersky: Lazarus Hackers To Steal Crypto Using Telegram in ‘Operation AppleJeus Sequel’
The Moscow-based cybersecurity firm Kaspersky has informed cryptocurrency users that North Korean hackers have developed new ways of delivering malware through Telegram.
Kaspersky has been looking at the latest attacks of the Lazarus Group, a North Korea-related cybercrime organization that also conducted the AppleJeus attack on some of the most important crypto exchanges in 2018.
Lazarus Group’s Methodology Has Changed
In research published on Wednesday, Kaspersky says the Lazarus Group has made “significant changes” to its attack methodology. For example, it developed a fake crypto wallet update that sends users' data to the hackers, and created a Mac backdoor that gets past security without computers even knowing they are under attack.
Malware Delivered Through Telegram
A new type of attack involved delivering malware through Telegram. The research reveals that the victims of this attack downloaded software carrying the malware and ended up sending hackers important data from their computers without even realizing it. The channels set up by the hackers were for nonexistent crypto companies, one of which, recently detected, posed as a platform for smart cryptocurrency arbitrage. Kaspersky researchers also discovered that these websites had broken and incomplete links, whereas others were taking Telegram visitors. The victims of the Telegram attack appear to have been from China, the UK, Russia and Poland.
No One Knows Anything About Lazarus
The Lazarus Group remains a mystery, as it runs its malware in computers’ memory rather than from their hard drives, which makes detection impossible. While the popular opinion is that the group is affiliated with North Korea, the country has more than once denied being responsible for any cyber attack. According to an estimate by the cybersecurity company Group-IB, Lazarus stole cryptocurrency valued at about $600 million in 2017 and most of 2018.
Kaspersky thinks the attacks will continue. The Lazarus Group was put on the US Department of the Treasury sanctions list back in 2019, so any financial institution found to be collaborating with it is sanctioned. Ethereum (ETH) developer Virgil Griffith may end up in prison for 20 years, as he was indicted by US authorities this week for giving a speech at a conference in North Korea.