A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury) highlights the cyberthreats associated with cryptocurrency thefts and the tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020.

The Lazarus Group

APTs are defined as prolonged attacks on specific targets that aim to compromise their systems and to gain information from or about them. The Lazarus Group, aka APT38, is commonly believed to be run by the North Korean government. It is thought to conduct financial cybercrimes as a way to raise money for a regime that has few trading opportunities because of long-standing international sanctions. These days, financial cybercrimes often involve Bitcoin and other cryptocurrencies.

AppleJeus

The US government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens.

Since 2018, one of the Lazarus Group's tactics has been to disguise AppleJeus malware as cryptocurrency trading platforms for both Windows and Mac. CISA warns that it uses these trojanized applications to gain access to victims' computers, to spread other malware, and to steal private keys or exploit other security gaps. All of this is done to create an environment where the group can initiate fraudulent cryptocurrency transactions. Victims are lured into downloading the malware with a variety of social engineering tactics, including spearphishing.

Spearphishing is a targeted form of phishing that is directed at and addressed to specific individuals. It uses personalization to convince victims that they are reading and responding to legitimate messages. CISA reports that the Lazarus Group has been sending spearphishing messages to employees of cryptocurrency companies, often those working in system administration or software development/IT operations (DevOps) roles, using a variety of communication platforms and social media. The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malicious "TraderTraitor" malware disguised as cryptocurrency trading or price prediction tools. TraderTraitor describes a series of malicious Electron applications that can download and execute malicious payloads, such as remote access trojans (RATs).

The advisory contains a lot of specific IOCs for the most recent campaigns, but if we have learned anything from the past behavior of the Lazarus APT group, it is that they will change many of them as soon as their current campaigns are outed. It is therefore important to apply the basic mitigation methods to counter this type of attack:

Use patch management to stay on top of security updates.
Educate users on social engineering attacks like spearphishing.
Enforce credential requirements and use multi-factor authentication.
Use endpoint protection to detect exploits and stop malware.
Watch out for third-party downloads, especially cryptocurrency applications.
Create an incident response plan so you know how to respond to cyber-intrusions.

The North Korean Lazarus Group, aka APT38, is one of the most sophisticated North Korean APTs. It has been active since 2009 and is responsible for many high-profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks weaponized with malicious documents that used a familiar job opportunities theme. Now, researchers at Volexity have analyzed a new campaign that is likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by using malicious Microsoft Office documents.