North Korean hacking group Lazarus is doubling down on its efforts to steal cryptocurrencies. The group is doing so to help the North Korean regime, which is facing economic difficulties because of the COVID-19 pandemic.
Cybersecurity firm reveals the efforts
ESTsecurity, a Seoul-based cybersecurity firm, noted the efforts in a recent press release. It said:
“The APT (adaptive persistent threats) hacking group Lazarus, which is allegedly sponsored by a certain government [North Korea], is increasingly engaging in cybercrime activities in and out of South Korea.”
Lazarus is one of the most infamous hacking groups from North Korea and was responsible for the 2014 Sony Pictures hack. It was also responsible for the Bangladesh Bank cyber heist in 2016.
Who is Lazarus targeting?
According to the security firm, Lazarus is not after large organizations this time. It is targeting people who have traded cryptocurrencies or who work in the crypto field. The firm has warned people that the group's efforts could cause financial damage. It added that the group has been carrying out attacks in South Korea as well as in other international markets, like the US. The group is involved in cyber-espionage operations as well and may also be engaged in activities that could generate foreign currency.
The press release also suggests that the group is sending malicious emails to companies providing electronic payment services. These emails may contain malicious files as attachments that are disguised as development contracts for blockchain software. They are made to look like contracts from payment companies and ask the targets to open them.
ESTsecurity suggests that these emails rely on spear-phishing methods: the attackers first obtain detailed information on a victim and then lure them with specific information related to their interests. Lazarus is specifically targeting cryptocurrencies and working on heist campaigns that are hard for crypto exchanges to track. These platforms are often the hotbed of crypto activity but are more vulnerable to hacks than conventional financial institutions.
According to the “National Strategy for Combating Terrorist and Other Illicit Financing 2020” report from the US Treasury Department, Lazarus stole $571 million in cryptocurrency from five Asian exchanges between 2017 and 2018. Stealing virtual assets could be helpful to North Korea, which has been facing sanctions from the world’s financial systems. The country is now in complete isolation after the Sino-North Korean border was closed in January due to coronavirus.