The original curated post is from Safe Harbor on Cyber.com
- Security Affair say researchers from security firm Proofpoint have collected evidence of the vital interests of the Lazarus APT group in cryptocurrencies. Hackers associated with North Korea have launched several multi-phase attacks that use cryptocurrency-related temptations to infect victims of malware code to steal cryptocurrency wallets and exchange certificates, and much more. The timing is perfect, and hackers are stepping up their operations during the Christmas shopping season.
The arsenal of Lazarus APT Group includes sophisticated custom malware, DDoS botnets and wiper malware.
According to security experts, the group lags behind other large-scale cyber espionage aimed at global targets, including Troy Operation, DarkSeoul Operation and Sony Picture hack.
The APA organization in Lazarus is increasingly concerned about economically motivated attacks and is trying to capitalize on the media’s interest in soaring cryptocurrency prices.
Lazarus is considered the first state-level attacker to use a framework to steal payment points for card sales.
“There are many reasons for these actions, including for encrypting currency exchange vouchers and point-of-sale infrastructure:
1. This appears to be the first public record of a state-funded actor attacking the point-of-sale infrastructure for financial gain.
2. For threat actors, cryptocurrency is not new, state-funded or otherwise. However, in this context, we can extensively document the custom tools and procedures Lazarus uses to implement cryptocurrency theft.
3. The group now appears to be targeting individuals rather than just organizations: individuals are softer targets, often lacking resources and knowledge to protect themselves and providing new monetization paths for state-sponsored threat actors’ kits. Bringing the tools and resources of state-backed attacking organizations to the individuals and infrastructure used by a large number of private citizens can greatly increase the risk in assessing the potential impact.
5. We can distinguish between the actions of economically motivated teams within Lazarus and the recent spy and chaotic groups that rob the headlines in order to better understand their actions and the global threats represented by Lazarus. “
- Read more…
Financially motivated attacks reveal the interests of the Lazarus APT Group
Researchers at security firm Proofpoint collected evidence of the significant interest of the Lazarus APT group in cryptocurrencies, the group’s arsenal of tools, implants, and exploits is extensive and under constant development. Researchers at security firm Proofpoint collected evidence of the significant interest of the Lazarus APT group in cryptocurrencies. Financially motivated attacks reveal the interests of the Lazarus APT Group
If you like to receive more of these curated news alerts then subscribe to my mailing list.