Cointime


North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme

The Lazarus Group, a North Korean state-backed hacking organization with a long record of financially motivated intrusions, has been linked to a new campaign that breaches victims' systems to steal cryptocurrency. The campaign delivers a modified version of the group's existing AppleJeus malware through a fake cryptocurrency trading website and, later, through macro-laden Office documents.

Modified Lazarus Malware Used Crypto Site as Facade

Volexity, a Washington D.C.-based cybersecurity firm, has linked Lazarus, a North Korean hacking group already sanctioned by the U.S. government, to a campaign that uses a fake cryptocurrency website to infect systems and steal data and cryptocurrency from its victims.

In a blog post published on Dec. 1, Volexity reported that in June Lazarus registered the domain “bloxholder.com” and later built it out as the website of a purported automated cryptocurrency trading business. Using the site as a front, Lazarus prompted visitors to download a trading application that in fact acted as the dropper for the AppleJeus malware, which is designed to steal private keys and other data from the victim's system.

Lazarus has used this approach before. The new variant, however, employs a technique intended to “confuse and slow down” malware analysis and detection.

Document Macros

Volexity also found that the delivery method changed in October. Instead of a trojanized application, the malware was delivered through Office documents, specifically a spreadsheet containing macros: embedded VBA code that, once the user enables it, installs the AppleJeus malware on the victim's machine.

The document, named “OKX Binance & Huobi VIP fee comparision.xls,” purports to compare the benefits that each exchange's VIP program offers at its various tiers. To mitigate this kind of attack, block macro execution in Office documents, and audit and monitor the creation of scheduled tasks on endpoints so that unidentified tasks running in the background are noticed. Volexity did not say how many victims the campaign has reached.
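The two mitigations above, as an added example that is not part of the article or of Volexity's report: a PowerShell script that sets the Office Group Policy registry values which disable macros and block content from the internet, then baselines the machine's scheduled tasks and flags any that appear later. The Office version key ("16.0"), the baseline file path, and the heuristic for "suspicious" task actions (binaries under user-writable directories or well-known script hosts) are assumptions chosen for the example, not indicators from the report; run it in an elevated PowerShell on the endpoint.

```powershell
# Added example (not from the article or Volexity's report).
# Assumptions: Office 2016/2019/365 (registry version key "16.0"), elevated shell,
# and a baseline file under ProgramData. Adjust for other Office builds.

$officeVersion = '16.0'
$apps = @('Excel', 'Word', 'PowerPoint')

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # VBAWarnings = 4 is "Disable all macros without notification".
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord
    # blockcontentexecutionfrominternet = 1 blocks macros in files carrying
    # Mark-of-the-Web (downloaded or received as mail attachments).
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}

# One row per task action: what runs, with which arguments, from which task.
function Get-TaskBaseline {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        $task.Actions | Where-Object { $_.Execute } | ForEach-Object {
            [pscustomobject]@{
                Path      = $task.TaskPath + $task.TaskName
                Author    = $task.Author
                Execute   = $_.Execute
                Arguments = $_.Arguments
            }
        }
    }
}

# Heuristic (an assumption for this example): actions launched from
# user-writable locations or via script/LOLBin hosts deserve a closer look.
function Test-SuspiciousAction {
    param([string]$Execute, [string]$Arguments)
    $cmd = "$Execute $Arguments"
    ($cmd -match '\\(AppData|Temp|Users\\Public|ProgramData)\\') -or
    ($cmd -match '(?i)\b(rundll32|regsvr32|mshta|wscript|cscript|powershell)\b')
}

$baselineFile = "$env:ProgramData\task-baseline.xml"   # assumed location

if (-not (Test-Path $baselineFile)) {
    # First run: record what is present now.
    Get-TaskBaseline | Export-Clixml -Path $baselineFile
    Write-Host "Baseline written to $baselineFile"
} else {
    # Later runs: report every task action not in the baseline.
    $baseline = Import-Clixml -Path $baselineFile
    $current  = Get-TaskBaseline
    $new = Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
                          -Property Path, Execute, Arguments |
           Where-Object { $_.SideIndicator -eq '=>' }
    foreach ($n in $new) {
        $tag = if (Test-SuspiciousAction $n.Execute $n.Arguments) { 'SUSPICIOUS' } else { 'new' }
        Write-Host ("[{0}] {1} -> {2} {3}" -f $tag, $n.Path, $n.Execute, $n.Arguments)
    }
}

# Complementary view: Security event 4698 ("A scheduled task was created") from
# the last 24 hours. Requires the "Audit Other Object Access Events" policy.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4698; StartTime = (Get-Date).AddDays(-1) } `
             -ErrorAction SilentlyContinue | ForEach-Object {
    $data = ([xml]$_.ToXml()).Event.EventData.Data
    $name = ($data | Where-Object { $_.Name -eq 'TaskName' }).'#text'
    $user = ($data | Where-Object { $_.Name -eq 'SubjectUserName' }).'#text'
    Write-Host ("4698 {0} task={1} by={2}" -f $_.TimeCreated, $name, $user)
}
```

Setting the values under HKCU\Software\Policies (rather than the non-policy Office keys) means the user cannot re-enable macros from the Trust Center; in a domain the same values would normally be pushed through Group Policy. The task comparison is keyed on path, executable and arguments so that a persistence task re-created under an existing name with a different payload is still reported.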

Members of Lazarus have been formally indicted by the U.S. Department of Justice (DOJ). In Feb. 2021 the DOJ charged operatives of the group tied to North Korea's military intelligence agency, the Reconnaissance General Bureau (RGB). Earlier, in March 2020, it indicted two Chinese nationals for helping launder more than $100 million in cryptocurrency stolen in Lazarus operations.
