The temptation of money: Lazarus APT extends its operations to cryptocurrencies

Lazarus APT

Security firm Proofpoint recently reported that the Lazarus APT group has turned its attention to cryptocurrency, exploiting the intense public and media interest in soaring cryptocurrency prices. Proofpoint therefore concludes that Lazarus's attacks may be financially motivated.

Lazarus is one of the most serious threats to financial institutions worldwide. The group has been active since 2009, and it is believed that as early as 2007 it was already involved in cyber espionage campaigns that destroyed data and sabotaged systems. According to the research, the Lazarus group was involved in the 2014 attack on Sony Pictures and the 2016 theft from the central bank of Bangladesh.

Image: scmagazine.com

Proofpoint identified some common features of Lazarus's attacks:

First, several multi-stage attacks attributed to North Korean actors have infected users with cryptocurrency-related malware.

Second, other malware, including the Gh0st RAT, is designed to steal credentials for cryptocurrency wallets and exchanges, enabling Lazarus to profit from bitcoin and other cryptocurrencies.

Proofpoint therefore speculates that much of this Lazarus activity is financially motivated, which is unusual for a state actor. Several security companies have previously identified Lazarus as a state-sponsored espionage group, and state-backed groups typically conduct espionage and sabotage rather than theft for profit. This makes Lazarus's activity interesting for several reasons:

Lazarus appears to be the first state-sponsored hacking group to pursue financial gain for itself.

These cryptocurrency attacks also give researchers an opportunity to document the custom tools and procedures used by Lazarus.

The scale and coordination of these operations suggest that Lazarus is not merely a loose group of individuals.

A better understanding of Lazarus's activity clarifies the global threat the group represents.

Source: SecurityAffairs