The North Korean group has targeted many cryptocurrency firms over the past few weeks.
Two of the dominant topics of 2017 have definitely been North Korea and Bitcoin. Combine the two and you will probably get a bad combination, and unfortunately, that is the case here.
A group of North Korea-based hackers nicknamed the Lazarus Group is believed to have started spearphishing campaigns against some cryptocurrency firms in order to steal Bitcoin from them. North Korea has been subjected to intensive and wide-ranging sanctions over the past year in retaliation for its accelerated nuclear proliferation program, which is in clear contravention of the UN code. As a result, the country has been devoid of foreign currency for some time now, and any chance it can get is good for it. On the other hand, the recent price hikes in Bitcoin have ensured that cryptocurrency is a viable option for any criminal group looking to make a quick buck.
The Lazarus Group is well known for attacks using the WannaCry malware, which hit many services and demanded ransom, and for large-scale bank attacks. The group is also infamous for the Bangladesh Bank hack, which saw the Asian country’s main bank swindled of $81 million. The group is also believed to have started the Sony hack, reportedly furious at the making of the movie The Interview, which featured Seth Rogen and James Franco. The group has been involved in propaganda attacks ever since then in defense of its country, North Korea.
According to security firm SecureWorks, the Lazarus Group is said to have launched the phishing attacks back in October, using malicious decoy documents disguised as an opening for a CFO job at one of the leading European Bitcoin companies. The document contained a remote access Trojan (RAT) which, once the document was opened, automatically gave the group access to the victim’s computer without the victim’s knowledge.
SecureWorks was confident that the attack had been orchestrated by the North Korean group because of the similarities between the technical skills used during the attack and those seen in previous incidents. The security firm also believed that the RAT malware used in the attack was a new type, used purposefully for these kinds of attacks. A senior security researcher at the firm, Rafe Pilling, told reporters that the most interesting part of the new attack was the change in tactics from those used last summer. Previously, the Lazarus Group targeted defense organizations; now it had changed tactics to target financial institutions based on cryptocurrencies.
North Korea's attraction to Bitcoin and other cryptocurrencies is not new: its actors are reported to have started researching the subject at least four years ago, when the cryptocurrency was gaining traction worldwide. This is according to SecureWorks, which said that at the time, the North Korean actors tried to use IP address proxies to mask their true location, but in some cases the proxies had problems that revealed the true locations.
With the recent hike in Bitcoin prices, it is unlikely that the North Korean interest will die down, and some intrusion activities in neighboring South Korea are also believed to have originated from the repressive state. The threat to cryptocurrency security in the near future is believed to be elevated, especially given the advantages that cryptocurrency presents.
South Korea believes that the Lazarus Group is responsible for the June hack of Bithumb, a South Korean cryptocurrency exchange. The group is also believed to have attacked Coinis, another cryptocurrency exchange. Researchers also believe that most companies remain at risk with the Lazarus Group still at large.