North Korean “Lazarus” Hackers Attacking Crypto Companies

The North Korean hacker group Lazarus have continued to carry out several attacks on crypto businesses and financial technology (fintech) firms, using modern hacking techniques, according to Kaspersky Lab.

According to the report, it is alleged that a group of hackers has created PowerShell scripts which enable operators to run different commands on a remote server. Those scripts fall on the server under the facade of WordPress files. When the script is successfully launched, it enables attackers to download and then install app files, go on to update the configuration of the ill server and then gather info about it.   

Over Half a Billion Lost   

Experts from Kaspersky Lab noted that Lazarus attackers go on to hack firms which operate in the fields of digital currencies and fintech.   

“If you’re part of the thriving crypto or technological startup industry, exercise extra carefulness when dealing with new third parties or installing software on your systems […] And never ‘Enable Content’ (macro scripting) in Microsoft Office (MSO) documents received from new or untrusted sources…” computer security experts warned.   

However, according to Group-IB, Lazarus - the N. Korean group of hackers, managed to steal over $500,000,000 USD (1/2 billion dollars) in crypto. The group of hackers is very popular to the extent of being noted in the UN Security Council.   

Importing Hacking Knowledge   

On March 26, 2019, Microsoft took control of 99 domains which are managed and operated by Iranian state hackers APT35/Phosphorus Cyber-espionage group.   

According to the court documents, Microsoft company has been conducting and waging an undercover war against a group of Iranian state-sponsored hackers. Such hackers, transfer the knowledge and methods they use to execute their operations directly to go and start hacking crypto companies like the latest case of Lazarus.   

Towards the end of 2017, news started to appear concerning North Korean attacker’s hack on crypto exchanges which collected more than $670 billion. The attackers were further credited and praised for leaking the info from around 36 thousand accounts from Bithumb, South Korean-based crypto exchange.   

Hackers are at Your Door   

Recently, there was a leak of a UN report which indicated how North Korea had employed “cyber-attacks and distributed ledger tech (DLT) to bypass economic sanction and get foreign currency.   

Also, from the report by Group-IB, a security research company, stressed that Lazarus was reportedly responsible for over $570 million of the $882 million in digital currency which had been illegally stolen from different exchanges from 2017 to 2018. This event accounted for around 65 percent of the overall amount.   

Up-to-date, the largest attack was on Coincheck, a Japan-based crypto exchange, which lost more than $532 million in January of this year. Cryptopia, a New Zealand (NZ)-based cryptocurrency exchange, was also hacked in the same month as Coincheck, and lost over $16 million after being attacked twice in the span of two weeks. Singapore-based exchange DragonEx was also hacked recently and attackers managed to walk away with large sums of funds – the real amount stolen is yet to be disclosed by the company.