Lazarus – the North Korean hacking group – is back in the news again today, this time because the organization is reportedly using apps to track those involved in the cryptocurrency space.
Lazarus Is Doing Everything to Obtain Crypto
Among the U.S. government agencies that have discovered this new activity from Lazarus are CISA, the US Treasury Department, and the Federal Bureau of Investigation (FBI). All three organizations are now banding together to warn crypto firms and their executives and to tell them what they need to do to keep themselves and their exchanges safe from intruders.
Reports issued by the agencies claim Lazarus is looking to infect crypto businesses with trojans and other malicious bots and programs that could drain their crypto portfolios of any digital funds they hold. The attacks often start with the illicit actors taking on the identities of people the victims love and trust, such as friends and family members. Once they have gained that trust and worked their way into the potential victims' confidence, they steal their assets.
One of the warnings surrounding Lazarus states the following:
Intrusions begin with many spear phishing messages sent to employees of cryptocurrency companies, often working in system administration or software development/IT operations (DevOps), on a variety of communication platforms. The messages often mimic a recruitment effort and offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications, which the U.S. government refers to as TraderTraitor.
Observed payloads include updated macOS and Windows variants of Manuscrypt, a custom remote access trojan (RAT) that collects system information and has the ability to execute arbitrary commands and download additional payloads.
Lazarus has been the subject of several headlines lately. Not long ago, federal agencies in the United States tied the organization to the recent hack of Axie that saw more than $600 million in crypto funds disappear practically overnight.
The Organization Is Quite Active as of Late
In a statement regarding the incident, the FBI mentioned:
The FBI continues to combat malicious cyber activity, including the threat posed by the Democratic People’s Republic of Korea to the U.S. and our private sector partners. Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29. The FBI, in coordination with the Treasury and other U.S. government partners, will continue to expose and combat the DPRK’s use of illicit activities – including cybercrime and cryptocurrency theft – to generate revenue for the regime.
Not long ago, popular crypto exchange Binance was able to recover nearly $6 million in crypto funds allegedly stolen by members of Lazarus.