According to a recent official report by leading cybersecurity company Kaspersky Lab, the North Korean-sponsored cybercrime group Lazarus is still targeting cryptocurrencies and adopting new tactics.
The report states that the allegedly state-sponsored hacker group Lazarus has been active with new tactics since last November, using PowerShell to manage Windows and macOS malware. The Lazarus team has reportedly developed custom PowerShell scripts that interact with malicious C2 servers and execute commands from the operator.
The C2 server script names, in turn, are disguised as WordPress files and as files from several other open source projects. Once the malware control session with the server is established, the malware is able to download and transfer files, update its configuration and collect basic host information, among other functions.
Kaspersky added that the hackers are still targeting systems in the cryptocurrency and fintech industries, and advised players in those sectors to exercise caution:
“If you’re a part of the booming cryptocurrency or technological startup business, exercise additional caution while dealing with new 3rd parties or installing software on your systems […] And never ‘Enable Content’ [macro scripting] in Microsoft Office documents received from new or untrusted sources …”
As reported earlier, Lazarus is supposedly responsible for $571 Mln of the $882 Mln in cryptocurrencies that was stolen from online exchanges from 2017 to 2018, almost 65% of the total sum. Out of 14 separate exchange breaches, 5 were attributed to the group, among them the widely known $532 Mln alleged NEM hack of Japan’s Coincheck.
Even earlier, in March, North Korea had reportedly amassed around $670 Mln in fiat and cryptocurrencies through hacking attacks, in which the hackers attacked overseas financial institutions from 2015 to 2018 and supposedly used blockchain “to cover their tracks.”