The Lazarus Group, a cyber terrorism group suspected of having ties to the North Korean government, is allegedly ramping up its efforts to steal cryptocurrencies from unsuspecting victims.
Earlier this week, local news source Daily NK reported that the group has significantly bolstered its efforts to steal cryptocurrencies. This comes at a time when the coronavirus has caused cyber attacks to rise sporadically. Citing a report from EST Security, a cybersecurity firm located in Seoul, Daily NK reported that the Lazarus Group has now entered the class of Advanced Persistent Threats (APTs).
An Introduction to APTs
APTs are a unique form of cyber terrorists that gain entry into software systems. Ideally, for the attackers, the invaders remain undetected for a period. APTs conduct their cybercrimes to steal information, instead of just causing harm to the computer network. Per the report, the cyber terrorism group has especially turned its focus to entities that have traded digital currencies. The group is reportedly also targeting several members of the crypto space, including miners and crypto hedge funds.
EST Security has now sent a warning that these attacks can take any shape. They could be as benign as you could imagine, but they can also cause severe financial damage.
Per the release, the espionage group uses malicious emails in these attacks, especially against companies in the e-payment sector. EST Security has warned that hackers could also attach malicious documents to their emails. The documents come in the guise of software creation contracts from blockchain companies. Once opened, they corrupt files on victims' computers by delivering trojans to the systems.
The statement also confirmed that the Lazarus Group hasn’t confined its activities to South Korea alone. At the same time, the group appears to be targeting transactions that may generate foreign currencies.
North Korea Denies Lazarus Group Links
Of course, this isn’t the first time that the Lazarus Group has been linked to cybercrimes. Back in 2014, Forbes reported that the criminal organization had successfully attacked Sony Pictures. The infamous group has also been linked to the cyber attack on a Bangladeshi bank in 2016.
According to an analysis from “National Strategy for Combating Terrorist and Other Illicit Financing 2020”, from 2017 to 2018, the cyber-terrorist group was among three other hacker groups in North Korea that stole a total of $571 million in cryptocurrency from five Asian crypto exchanges.
Despite the group’s affiliations with the North Korean government, however, Pyongyang has vehemently denied any wrongdoing. Last year, the United Nations reported that the group had stolen up to $2 billion on behalf of the North Korean government. As Reuters explained, the Kim administration reportedly used the funds to bankroll its weapons program, as it had seen a shortfall of funds due to crippling economic sanctions.
The North Korean government eventually came out to hit back against the reports. The country’s state-run KCNA news agency reportedly ran a report claiming that such allegations were simply tactics to tarnish the government’s reputation.