The renowned North Korean hacking group ‘Lazarus’ has been linked to attacks on the central banks of Ecuador, Vietnam and Bangladesh.
According to a recent official report published by cybersecurity firm F-Secure, the investigating team found operational similarities between this attack and other efforts associated with the Lazarus group.
In the phishing attack, the hackers used a LinkedIn message to send a fake job offer document to a systems administrator at the cryptocurrency firm; once downloaded, the document lets the attackers get in via a backdoor.
Once in, the hackers used backdoor network implants and malware to extract data from the infected computers. According to the report, the attackers made extensive use of Mimikatz, a tailored type of malware used to extract cryptocurrency wallet data or bank account details.
In a recent official blog post on the firm’s website, Matt Lawrence, director of detection and response at Helsinki-based F-Secure, said:
“The evidence also suggests that this is often a part of an ongoing campaign targeting organizations in over a dozen countries.”
Earlier in March, the United States Department of the Treasury announced sanctions against two Chinese nationals who had helped hackers from the Lazarus group launder proceeds from an attack on a cryptocurrency exchange earlier in 2018.