North Korean hacking group Lazarus becoming more active in crypto theft

Posted on: May 11, 2020 6:44 pm EDT

The coronavirus has forced the hackers to work overtime as North Korea’s economy takes a nosedive

While the world is fighting a battle against the widespread coronavirus pandemic, Internet criminals are not giving anyone a break. Amid economic difficulty in North Korea due to the pandemic, North Korean hacking group Lazarus is increasing its efforts to steal cryptocurrency. Lazarus is said to be responsible for the 2014 Sony Pictures hacks and the 2016 Bangladesh cyber heist.

“The APT (adaptive persistent threats) hacking group Lazarus, which is allegedly sponsored by a certain government [North Korea], is increasingly engaging in cybercrime activities in and out of South Korea,” according to an April 27 press release from ESTsecurity – a cybersecurity firm located in Seoul. According to this press release, the chosen targets for these attacks are people who have traded digital currencies, such as Bitcoin, including those who work in the cryptocurrency industry. ESTsecurity warns users that these attacks could cause real financial damage.

The press release also explains that “malicious emails used in these attacks mention companies that provide electronic payment services. The hackers attached malicious files disguised as blockchain software development contracts from those payment companies and induced the targets into opening them.” According to the company, these “spear-phishing” attacks are commonly used to obtain customers’ information by presenting content that matches the targets’ specific interests.

Lazarus is a hacking group that has been quite successful for years. From 2017 to 2018, the group allegedly stole $571 million in cryptocurrency from fixed exchanges located in Asia, according to the “National Strategy for Combating Terrorist and Other Illicit Financing 2020” report released by the US Treasury Department in February.