CyberWisdom Safe Harbor Commentary on Lazarus hacker group
Haobao, but maybe Lazarus hacker group
Lazarus, a cybercriminal group suspected of being behind the WannaCry ransomware attack in 2017, has resumed its phishing emails, targeting individuals with fake job openings that link to an infected Word document. When an unsuspecting victim opens the link, it redirects to a Dropbox web page hosting the Word file, tricking the user into downloading the malware.
This ambitious cybercrime campaign is known as “Haobao.” After being downloaded, the malware file scans for any bitcoin or cryptocurrency-related activity. Once the malware infects the target, it begins to collect various data and send it back to a remote server.
On January 15, 2018, a recent Lazarus cyberattack attempt was exposed after McAfee Advanced Threat Research (ATR) analysts discovered the malicious link that contained the document.
Further analysis shows that the file was edited and uploaded by an author identified only as “Windows User.” McAfee has shown that the same author created multiple infected files and uploaded them to the link on January 16 and January 24, 2018. The attack aims to identify victims running bitcoin-related software through specific system scans.
As McAfee said on its official blog, after downloading the infected file:
“The victim was persuaded to declare that the document was made in an earlier version of Microsoft Word by notifying him that the malicious document was then launched on the victim’s system through a Visual Basic macro.”
In addition, the infected link was found to contact the same IP address that Lazarus previously used to host different malicious documents in 2017. The corrupted document was written under the same user name and has become the norm for some hacker organizations since the last cyber attacks.
Although the campaign is now known as Haobao, it is in line with the Lazarus hacker group’s interest in cryptocurrency theft. Lazarus used the same technique, with similar file structures and job advertisements, in previous phishing attacks.
In early January 2018, Marko Kobal, co-founder of NiceHash, a startup that markets cryptocurrencies, resigned as chief executive officer. The announcement came after a high-profile cyber attack on NiceHash that resulted in the loss of thousands of bitcoin.
On December 12, 2017, Bitfinex, a major cryptocurrency exchange, crashed amid reports of hacking. The week before, Bitfinex had reported that it was the victim of a distributed denial of service attack, which caused it to temporarily halt its trading platform.
February 20, 2018 12:45 by Rahul Nambiampurath
The North Korea-based Lazarus hacking group is now targeting individuals and banking institutions with bitcoin stealing and phishing campaigns. The new cyber attack was discovered by analysts at McAfee Advanced Threat Research (ATR). As revealed by the company in a post on its website, the phishing attack is targeted towards bitcoin users and uses a sophisticated malicious document for accessing data. Lazarus, the cybercrime group, suspected to be behind the WannaCry ransomware attacks in 2017, has resumed its phishing emails again, targeting individuals with fake employee recruitment openings in an infected word document link in the email. When unsuspecting victims open this link, it redirects to a Dropbox webpage hosting the word file, thereby tricking the user into downloading the malware. This ambitious cybercrime campaign has been dubbed as “Haobao” wherein the malware file, after being downloaded, starts scanning for any bitcoin or cryptocurrency related activity. Once this…
thumbnail courtesy of btcmanager.com