A hacking group believed to be from North Korea is reportedly stepping up its activity to continue its cryptocurrency-stealing campaigns.
In a report published yesterday, security researchers from Kaspersky say they found evidence suggesting Lazarus has made significant changes to its attack methodology.
According to Kaspersky, the hacking group is taking "more careful steps" and is using "improved techniques and procedures" to steal cryptocurrency.
In other words, Lazarus has adjusted the way it infects a system, stays undetected, and illicitly obtains cryptocurrency from compromised machines and victims. To avoid detection, Lazarus' malware executes in memory rather than being run from the hard disk.
Researchers say Lazarus is now using the messaging app Telegram, which is popular in the cryptocurrency community, as one of its key attack vectors.
Security researchers have dubbed the new wave of tactics "Operation AppleJeus Sequel," an evolution of the AppleJeus campaign that was uncovered back in 2018 and ran throughout 2019.
As with earlier campaigns, Kaspersky says fake cryptocurrency trading companies are used to lure in victims. The fake companies have websites complete with links to equally fake Telegram trading groups.
In one instance, a Windows system was infected by a malicious payload delivered to the device through Telegram messenger. The user downloaded the payload themselves through the app; Telegram itself wasn't compromised.
Once a machine is infected, attackers can gain remote access to control the compromised device and further their attacks. Lazarus almost always goes after cryptocurrency.
During its research, Kaspersky found several of these fake cryptocurrency trading websites. It believes they were made using free web templates.
As can be seen in the image below, one of the fake sites had an active link to a Telegram group. While Kaspersky has only recently uncovered that Telegram was used to deliver a Lazarus payload, the group itself was created way back in December 2018.
The researchers say they've identified several victims, based in the UK, Poland, Russia, and China. Several of these victims were confirmed to be cryptocurrency businesses.
The value of cryptocurrency or other funds Lazarus managed to obtain in this campaign wasn't mentioned.
According to a UN report published last August, North Korean hackers were thought to have stolen $2 billion by hacking foreign financial institutions and cryptocurrency exchanges.
With the latest wave of updates to its campaign, it doesn't look like Lazarus will ease up on its attempts.
Update, January 10, 2020, 1235UTC: The piece has been amended to stress that Telegram itself wasn't compromised. The infected files were downloaded by victims from malicious links shared within the app.
Published January 9, 2020 — 09:33 UTC