CyberWisdom Safe Harbor Commentary on Lazarus group:
Today I came across this story from cointelegraph.com that expands how North Korean hacker organization Lazarus Group to various South Korean cryptocurrency hacking and security breaches. US network security firm Recorded Future released a new report linking North Korean hacker organization Lazarus to various South Korean cryptocurrency hacking and security breaches.
In a report titled “North Korea Targeted Subscribers and Transactions by the End of 2017”, researchers at the company pointed out that the same type of malware used in Sony Pictures vulnerability and WannaCry ransomware attacks was used to lock South Korea’s Coinlink encryption-based Currency exchange.
Lazarus group – Seven million dollars stolen from Bithumb
In February 2017, Bithumb, the world’s second-largest cryptocurrency trading platform, was the victim of a security breach by daily volume, resulting in a loss of about $ 7 million in user funds, mainly bitcoin and Ethereum’s native cryptocurrency Ether.
Recorded Future reports that the $7 million Bithumb security vulnerability is linked to North Korean hackers. Insikt Group researchers, a group of cybersecurity researchers who regularly closely track North Korean hacking activities, revealed that the Lazarus Group used various tools ranging from spear phishing attacks to the distribution of malware over communication platforms to secure cryptocurrencies Wallet and account.
Researchers at the Insikt Group revealed that the Lazarus group of hackers launched a massive malware offensive in the fall of 2017. Since then, North Korean hackers have focused on spreading malware by attaching files that contain fraudulent software to gain access to personal devices.
One of the ways that the Lazarus Group adopts is to send Korean word processor (HWP) files by e-mail, and Microsoft Word documents in Korea are equivalent to malware. If any cryptocurrency user downloads malware, it will automatically install itself and run in the background, controlling or manipulating data stored on a particular device.
North Korean hacker motives
Prior to Recorded Future’s report, several other cybersecurity companies accused North Korean hackers of providing sophisticated malware and phishing tools against South Korea’s cryptocurrency trading platform.
FireEye researchers linked six targeted cyber attacks against South Korea’s cryptocurrency to North Korean state hackers. According to Cointelegraph reports, recently, police investigators and South Korea’s Internet Security Agency carried out a comprehensive investigation of security vulnerabilities, resulting in YouBit bankruptcy of South Korea’s encrypted currency trading platform.
At that time, local investigators said they had found evidence to link YouBit security flaws with North Korean hackers. FireEye senior analyst Luke McNamara also told Bloomberg it hired a similar tool widely used by North Korean hackers in YouBit hacking.
“The opponents we see are becoming more capable and arrogant in their willingness to pursue goals that are actually just an important part of a larger strategy that at least from 2016 onwards they seem Already using funds primarily for espionage purposes to steal funds. ”
North Korean hackers allegedly stole millions of dollars in funds from South Korean cryptocurrency user #ANALYSIS… Engaging post, Read More…
thumbnail courtesy of cointelegraph.com
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »