
McAfee Identifies Major Cyber Attack by Lazarus hacker group

CyberWisdom Safe Harbor Commentary on Lazarus hacker group

I couldn’t believe this story, which raises an interesting point about the Lazarus hacker group: headquartered in North Korea, it is now carrying out cryptocurrency theft and phishing attacks against individuals and banking institutions. Analysts at McAfee Advanced Threat Research (ATR) uncovered the new cyber attacks. As an article published by McAfee on its website reveals, the phishing attacks target Bitcoin users and use sophisticated malicious files to access data.

Haobao, but maybe Lazarus hacker group

Lazarus, a cybercriminal group suspected of being behind the WannaCry ransomware attack in 2017, has resumed its phishing emails, which pose as job openings and link to an infected Word document. When an unsuspecting victim opens the link, it redirects to a Dropbox web page hosting the Word file, tricking the user into downloading the malware.

This ambitious cybercrime campaign is known as “Haobao”. Once downloaded, the malware file scans for any bitcoin or cryptocurrency-related activity. After the malware infects the target, it begins to collect various data and send it back to the remote server.

On January 15, 2018, a recent Lazarus cyberattack attempt was exposed after McAfee Advanced Threat Research (ATR) analysts discovered the malicious link that contained the document.

Further analysis showed that the file was edited and uploaded by an author listed only as “Windows User”, with no apparent real name. McAfee has shown that the same author created multiple infected files and uploaded them to the link on January 16 and January 24, 2018. The attack aims to identify victims running bitcoin-related software through specific system scans.

As McAfee said on its official blog, after downloading the infected file:

“The victim was persuaded to declare that the document was made in an earlier version of Microsoft Word by notifying him that the malicious document was then launched on the victim’s system through a Visual Basic macro.”

In addition, the infected link was found to contact the same IP address that Lazarus previously used to host different malicious documents in 2017. The malicious document was authored under the same user name, a practice that has become the norm for some hacker organizations since the last cyber attacks.

Although the campaign is now known as Haobao, it is in line with the Lazarus hacker group’s interest in cryptocurrency theft. Lazarus used the same technique, with similar file structures and job advertisements, in previous phishing attacks.

In early January 2018, Marko Kobal, co-founder of NiceHash, a startup that markets cryptocurrencies, resigned as chief executive officer. The announcement came after a high-profile cyber attack on NiceHash that resulted in the loss of thousands of bitcoin.

On December 12, 2017, Bitfinex, a major cryptocurrency exchange, crashed amid reports of hacking. The week before, Bitfinex had reported that it was the victim of a distributed denial of service attack, which caused it to temporarily halt its trading platform.


BTCManager, February 20, 2018 12:45, by Rahul Nambiampurath

The North Korea-based Lazarus hacking group is now targeting individuals and banking institutions with bitcoin stealing and phishing campaigns. The new cyber attack was discovered by analysts at McAfee Advanced Threat Research (ATR). As revealed by the company in a post on its website, the phishing attack is targeted towards bitcoin users and uses a sophisticated malicious document for accessing data. Lazarus, the cybercrime group, suspected to be behind the WannaCry ransomware attacks in 2017, has resumed its phishing emails again, targeting individuals with fake employee recruitment openings in an infected word document link in the email. When unsuspecting victims open this link, it redirects to a Dropbox webpage hosting the word file, thereby tricking the user into downloading the malware. This ambitious cybercrime campaign has been dubbed as “Haobao” wherein the malware file, after being downloaded, starts scanning for any bitcoin or cryptocurrency related activity. Once this…



Read more on other related articles…

CyberWisdom Safe Harbor Commentary on Lazarus Hacker Group: reflects the truth about a new malware campaign, called Hao Bao, was launched by North Korean hacker group Lazarus, specifically targeting cryptocurrencies and financial institutions through sophisticated cyber-attacks. Lazarus hacker group In early 2017, Lazarus, a North Korean hacker group, actively circulated a large number of spear phishing

Lazarus Hacking Group Delivering RATANKBA Malware & Remote Hacking Tool Via MS Office Documents

CyberWisdom Safe Harbor Commentary on RATANKBA Malware What is most likely to be an overlooked story from argues how Lazarus Hacking Organization Spread Weapon RATANKBA Malware and sophisticated hacking tools through Microsoft Office documents can mainly affect cryptocurrencies. Lazarus Hackers Group has been operating a number of businesses for many years around 2014-2016, most of which

North Korean cyber arsenal used Lazarus APT hackers attacking financial institutions

CyberWisdom Safe Harbor Commentary: What is most likely to be an overlooked story from recaps a revealing find that Trend Micro’s security experts have analyzed the tools that malware and the Lazarus APT team have used in recent attacks on financial institutions. Trend Micro’s security experts analyzed the attack on the financial institutions by the infamous

Financially motivated attacks reveal the interests of the Lazarus APT Group

The original curated post is from Safe Harbor on CyberWisdom Commentary: Security Affair say researchers from security firm Proofpoint have collected evidence of the vital interests of the Lazarus APT group in cryptocurrencies. Hackers associated with North Korea have launched several multi-phase attacks that use cryptocurrency-related temptations to infect victims of malware

North Korea’s Olympic Diplomacy Hasn’t Stopped Its Hacking…Still to come

CyberWisdom Safe Harbor Commentary on North Korea Cyber Activities: A must-read story from reveals the truth about North Korea may seem virtually attractive. Its hockey team, combined with South Korea, has become the global symbol of dictator Kim Jong-un and calling for a better relationship with the South. Kim’s sister led the Pyeongchang charm offensive.

New Report: North Korean Hackers Stole Funds From South Korean Cryptocurrency Exchanges

CyberWisdom Safe Harbor Commentary on Lazarus group: Today I came across this story from that expands how North Korean hacker organization Lazarus Group to various South Korean cryptocurrency hacking and security breaches. US network security firm Recorded Future released a new report linking North Korean hacker organization Lazarus to various South Korean cryptocurrency hacking and

Exposed: Sending Monero cryptocurrency from miner to North Korean University

CyberWisdom Observed: This article from SecurityAffairs is interesting and needs a quick read for your awareness on cyber crypto-mining by the North Koreans. The mined Monero coins are sent to Kim Il Sung University in Pyongyang, North Korea, but experts noted that the developers might not be of North Korean origins. The KSU is an unusually open University, it is

US government says North Korea was behind massive WannaCry cyber attack

CyberWisdom Summarized Roundup: The Trump administration has accused North Korea of launching a so-called WannaCry cyberattack earlier this year that paralyzed hospitals, banks and other companies around the world. The official said the U.S. government has “very high confidence” assesses that the hacker called Lazarus Group, which works on behalf of the North Korean government,
