
Hacking Group Lazarus Allegedly Targeting Crypto Companies: Kaspersky Report

March 27, 2019 12:08
Source: Gadgets To Use

The North Korea-backed hacking group Lazarus is back in the news. The group, which has made headlines for breaking into cryptocurrency exchanges, is still allegedly targeting cryptocurrency entities, according to a report by Kaspersky Lab.

The cybersecurity and anti-virus company said in its report, “It’s hardly news to anyone who follows cyberthreat intelligence that the Lazarus APT group targets financial entities, especially cryptocurrency exchanges. Financial gain remains one of the main goals for Lazarus, with its tactics, techniques, and procedures constantly evolving to avoid detection.”


In August, the company had published a report on how the hacking group was targeting the Mac operating system. Crypto-News India had covered that report, which said, “While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email. It turned out that an unsuspecting employee of the company had willingly downloaded a third-party application from a legitimate looking website and their computer had been infected with malware known as Fallchill, an old tool that Lazarus has recently switched back to. There have been multiple reports on the reappearance of Fallchill, including one from US-CERT.”

Kaspersky had added, “This helped us understand that one of Lazarus’ victims was infected with malware after installing a cryptocurrency trading program. We also confirmed that the user installed this program via a download link delivered over email.”

Now, the company states that the group has refined its methods, making them more sophisticated than before. The report states, “They have developed custom PowerShell scripts that communicate with malicious C2 servers and execute commands from the operator. The C2 server script names are disguised as WordPress (popular blog engine) files as well as those of other popular open source projects.”


