Kaspersky Labs security researchers recently revealed that Lazarus, a North Korean hacking group, may be stealing cryptocurrencies via Telegram.
North Korea is regarded as one of the most unstable countries in the world and one of the most worrying. Over the years it has been reported that the country is trying to develop nuclear weapons and that it is financing a range of other projects that concern other countries.
The growth seemed to have halted, or at least slowed down, owing to US sanctions, but the country has recently begun to develop an interest in cryptocurrencies. In addition, it even invited Virgil Griffith, a US citizen from Singapore, to come and educate the country about cryptocurrencies. Doing so later contributed to Griffith’s detention in late November 2019, as soon as he stepped onto US soil.
Now, it appears that in their latest crypto-stealing campaign North Korean hackers, known as the Lazarus group, are once again targeting cryptocurrencies.
It would appear that the Lazarus group is doubling its efforts to steal as much digital currency as possible, according to a recent statement released by security researchers at Kaspersky. At the same time, Kaspersky has found evidence that the group is using a different approach in its latest campaign.
The group has previously targeted cryptocurrencies, but this time it is using a different methodology. As the study warns, its operators use more effective strategies and take more deliberate measures. The group has been working to improve its stealth while infecting systems and retrieving digital coins.
Instead of writing to disk, it allegedly does this by using malware that runs only in memory, which enables it to remain undetected. Researchers also believe the group is using Telegram, a popular messaging app that generated its own digital currency, Gram, because of its large community of cryptocurrency users.
The new Lazarus initiative is called Operation AppleJeus Sequel, following the original AppleJeus campaign discovered in 2018. One thing remains the same: the campaign often uses bogus crypto-trading companies to attract investors.
These fake firms even feature websites filled with links to fake Telegram trading groups, where the hackers continue to deceive their soon-to-be victims. Not only that, they also use the Telegram messenger app to distribute a malicious payload that infects the Microsoft Windows operating system.
After the machine is compromised, the attackers are able to access it remotely, and the cryptocurrency stored on the computer is taken. Researchers have so far identified a number of victims across Europe and also in China. In fact, several of the victims were not individuals but companies holding cryptocurrencies. How much the hackers managed to steal during the new campaign is still unclear.
What is known is that, according to a UN report, North Korean hackers stole an estimated $2 billion last year by hacking financial institutions and crypto exchanges. Some of their biggest hits on crypto exchanges include the hacks of Bithumb, Youbit, and NiceHash, a crypto cloud-mining marketplace.