Cointime


North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme

The Lazarus group, a North Korean hacking organization previously linked to criminal activity, has been connected to a new attack scheme to breach systems and steal cryptocurrency from third parties. The campaign, which uses a modified version of the existing AppleJeus malware, relies on a fake cryptocurrency trading site and, more recently, on Office documents to gain access to victims' systems.

Modified Lazarus Malware Used Crypto Site as Facade

Volexity, a Washington, D.C.-based cybersecurity firm, has linked Lazarus, a North Korean hacking group already sanctioned by the U.S. government, to a campaign that uses a cryptocurrency website as a lure to infect systems and steal information and cryptocurrency from third parties.

A blog post issued on Dec. 1 revealed that in June, Lazarus registered a domain called “bloxholder.com,” which was later set up as a purported business offering automated cryptocurrency trading services. Using this site as a facade, Lazarus prompted users to download an application that delivered the AppleJeus malware, which is designed to steal private keys and other data from the users’ systems.

Lazarus has used the same strategy before. However, this new scheme adds a technique that allows the application to “confuse and slow down” malware analysis and detection.

Document Macros

Volexity also found that the technique used to deliver this malware to end users changed in October. The method shifted to Office documents, specifically a spreadsheet containing macros: small programs embedded in the document which, in this case, were designed to install the AppleJeus malware on the computer.

The document, identified by the file name “OKX Binance & Huobi VIP fee comparision.xls,” displays the benefits that each of these exchanges’ VIP programs supposedly offers at its different tiers. To mitigate this kind of attack, it is recommended to block the execution of macros in documents, and to scrutinize and monitor the creation of new scheduled tasks in the OS so that unidentified tasks running in the background are noticed. However, Volexity did not report how widely this campaign has spread.
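The second mitigation above, watching for newly created scheduled tasks, is something a defender can script against Windows Security event ID 4698 (“A scheduled task was created”), whose TaskContent field carries the task definition as XML. The following is an added example written for this article, not code from Volexity or from the report it summarizes. It assumes the 4698 field names (TaskName, SubjectUserName, TaskContent) and the standard Task Scheduler XML namespace; the two event records are constructed, and the task name “\OneDriveUpdateCheck” is a hypothetical lure, not an indicator from the page. It flags tasks whose action runs a script host, references a user-writable directory, or is tied to a persistence trigger.

```python
"""Triage newly created Windows scheduled tasks (Security event ID 4698).

Added example, not part of the article or Volexity's report. The sample
events below are constructed for illustration; only the field names
(TaskName, SubjectUserName, TaskContent) follow the real 4698 event schema.
"""
import re
import xml.etree.ElementTree as ET

# XML namespace of the Task Scheduler definition carried in TaskContent.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Paths an ordinary user can write to; installers of legitimate services
# rarely persist a task whose binary lives here.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)

# Script hosts and loaders that macro droppers commonly hand a payload to.
SCRIPT_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "powershell.exe", "cmd.exe"}

# Triggers that make a task a persistence mechanism rather than a one-off run.
PERSISTENCE_TRIGGERS = {"LogonTrigger", "BootTrigger", "CalendarTrigger", "TimeTrigger"}


def parse_task(task_xml):
    """Return ([(command, arguments), ...], [trigger names]) from task XML."""
    # Real TaskContent starts with a UTF-16 XML declaration; drop it so the
    # string can be parsed directly.
    task_xml = re.sub(r"^\s*<\?xml[^>]*\?>", "", task_xml)
    root = ET.fromstring(task_xml)
    actions = []
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = (ex.findtext("t:Command", default="", namespaces=NS) or "").strip()
        args = (ex.findtext("t:Arguments", default="", namespaces=NS) or "").strip()
        actions.append((cmd, args))
    triggers = [el.tag.split("}")[-1] for el in root.findall("./t:Triggers/*", NS)]
    return actions, triggers


def assess_task_event(event):
    """Score one 4698 record; returns a dict with the reasons it was flagged."""
    actions, triggers = parse_task(event["TaskContent"])
    reasons = []
    for cmd, args in actions:
        exe = cmd.strip('"').rsplit("\\", 1)[-1].lower()
        if exe in SCRIPT_HOSTS:
            reasons.append(f"action runs script host {exe} with arguments {args!r}")
        if USER_WRITABLE.search(cmd) or USER_WRITABLE.search(args):
            reasons.append(f"action references a user-writable path: {cmd} {args}".strip())
    if reasons and PERSISTENCE_TRIGGERS.intersection(triggers):
        reasons.append("persistence trigger present: " + ", ".join(triggers))
    return {"task": event["TaskName"], "user": event.get("SubjectUserName", "?"),
            "suspicious": bool(reasons), "reasons": reasons}


def scan(events):
    """Assess a batch of 4698 records; suspicious ones are listed first."""
    return sorted((assess_task_event(e) for e in events),
                  key=lambda r: not r["suspicious"])


# Minimal task definition template mirroring the shape of TaskContent.
_TASK_TEMPLATE = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><{trigger}/></Triggers>
  <Actions Context="Author">
    <Exec><Command>{cmd}</Command><Arguments>{args}</Arguments></Exec>
  </Actions>
</Task>"""

SAMPLE_EVENTS = [  # constructed records, not real telemetry
    {"TaskName": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "SubjectUserName": "SYSTEM",
     "TaskContent": _TASK_TEMPLATE.format(
         trigger="CalendarTrigger",
         cmd=r"C:\Windows\System32\defrag.exe", args="-c -h -k -g")},
    {"TaskName": r"\OneDriveUpdateCheck",  # hypothetical lure name
     "SubjectUserName": "alice",
     "TaskContent": _TASK_TEMPLATE.format(
         trigger="LogonTrigger",
         cmd="rundll32.exe",
         args=r"C:\Users\alice\AppData\Roaming\update.dll,Start")},
]

if __name__ == "__main__":
    for result in scan(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{flag:10} {result['task']} (created by {result['user']})")
        for reason in result["reasons"]:
            print("           -", reason)
```

In production the records would come from a SIEM or from `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4698}`; the heuristics are deliberately broad and are meant to produce an analyst queue, not a verdict, so tune the path and script-host lists to what your fleet's legitimate software actually does.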

Lazarus was formally indicted by the U.S. Department of Justice (DOJ) in Feb. 2021; the indictment named an operative of the group linked to a North Korean intelligence organization, the Reconnaissance General Bureau (RGB). Before that, in March 2020, the DOJ indicted two Chinese nationals for helping launder more than $100 million in cryptocurrency linked to Lazarus’ exploits.
