Lazarus Hackers Group Continues to Target Cryptocurrency
Suspected of cyber crime sponsored by North Korea, Lazarus is still targeting cryptocurrency and adopting new tactics, according to reports from cyber security and anti-virus companies, Kaspersky Lab released on March 26.
The report revealed that alleged hackers sponsored by North Kirea, Lazarus were active with new operations since late November, where the group used PowerShell which enabled them to manage and control Windows and macOS malware. Lazarus is reported to have developed special PowerShell scripts that interact with C2 malicious servers and execute commands from operators.
The name C2 server script is incorrectly interpreted as a WordPress file, and other open source projects. After a malware control session with the server is created, malware can download and upload files, update malware configurations and collect basic information, among others.
Kaspersky notes that hackers are still targeting systems that are involved in cryptocurrency and the fintech industry, and advise actors in the sector to be careful:
If you are part of the booming cryptocurrency or technology startup industry, be careful when dealing with third parties or when installing software on your system. Never do 'Enable Content' (macro scripting) in Microsoft Office documents that are received from new sources or sources that cannot be trusted.
As previously reported, Lazarus is reportedly responsible for the theft of $ 571 million of the $ 882 million cryptocurrency from online exchange from 2017-2018, nearly 65 percent of the total. Of the 14 separate exchange violations, five were linked to Lazarus, including breaking the $ 532 million NEM industry record from Japanese Coincheck.
Beginning in March, Cointelegraph reported that North Korea reportedly raised $ 670 million in fiat and cryptocurrency by carrying out hacking attacks, where hackers attacked all financial institutions from 2015 to 2018 reportedly using the blockchain to cover their tracks.
Source: Cointelegraph
