North Korean hackers introduce various methods to avoid detection, but researchers are constantly tracking the group using a variety of methods. Asked to name a few techniques that Lazarus employs, Seongsu Park looked at the technologies widely used in recent campaigns that were targeting defense companies. They showed a high level of sophistication while attacking Israel, too, reported the New York Times. Seongsu Park also reckons Lazarus hackers are sophisticated: “Their attack methods are rapidly changing into highly sophisticated forms, and they keep undertaking a wide variety of efforts, such as attacking various platforms and continuously introducing methods to evade detection.” Israel is afraid they might have passed the intelligence to North Korea’s ally Iran. “Recently, they attacked the aerospace/defense industry aggressively,” Seongsu Park said. A few weeks ago, the Defence Ministry of Israel reported an attack by North Korean hackers on its classified defense industry. However, they target intelligence as well. He elaborated that the Lazarus group’s primary intention is financial profit. “It is difficult to know their actual base, but they are attacking the world,” he told CyberNews. CyberNews talked to Seongsu Park, a senior security researcher at Kaspersky.
Previously, Kaspersky has also reported that Lazarus - a hacking group allegedly responsible for the theft of $81 million from the Central Bank of Bangladesh in 2016 - attacked banks, casinos, financial investment software developers, and cryptocurrency businesses. In July, Kaspersky found that Lazarus is now operating their ransomware VHD. “As noted in the report, we describe the attack as advanced, and that the threat actor displayed a high degree of sophistication through their operational security awareness,” they told CyberNews. Researchers at F-Secure, as well as other cybersecurity specialists, describe the Lazarus group as highly sophisticated. The complaint follows related criminal and civil actions announced in March 2020 pertaining to the theft of $250 million in cryptocurrency through other exchange hacks by North Korean actors. The August 2019 UN Security Council 1718 Committee Panel of Experts report estimates that North Korea had attempted to steal as much as $2 billion, of which $571 million is attributed to cryptocurrency theft. As they pointed out, the US government keeps track of how much money North Korea might have raised through cyberattacks worldwide. At the end of August 2020, the US Justice Department filed a civil forfeiture complaint detailing two hacks of virtual currency exchanges by North Korean actors who allegedly stole millions of dollars’ worth of cryptocurrency. We have noted activity ongoing into August 2020,” researchers at F-Secure told CyberNews. So a relatively large/long-running campaign. “We noted 97 domains, 37 links, and 31 documents used to phish victims in the report spread out across over more than 2 1/2 years. The purpose of the malware was to fetch credentials that would allow hackers to log in to certain systems and steal the cryptocurrency. People received messages via LinkedIn with a file that contained malicious code. Hackers targeted crypto talents by mimicking legitimate blockchain job listings.
Their recent research showed how hackers phished for cryptocurrency via fake LinkedIn job alerts. Last year, Finnish security firm F-Secure uncovered a global phishing campaign by Lazarus, and their newest data shows this activity continuing well into 2020.
Lazarus has been targeting casinos and banks, has gone after cryptocurrency businesses, and recently targeted the defense industry of Israel. Experts say Lazarus deploys highly sophisticated methods to retrieve money and intelligence from their targets.
North Korea is being sanctioned because of its nuclear program; the country therefore has limited ability to acquire foreign currency through exports. North Korea allegedly has 6,000 hackers and uses them for financial gain, as well as intelligence gathering. Lazarus, or Hidden Cobra, is a hacker unit believed to be backed by Pyongyang. They say these hackers are using highly sophisticated attack forms. CyberNews spoke to the security researchers who have been following Lazarus. The infamous Lazarus hackers linked with North Korea are after money and intelligence.