Tag: Lazarus Group

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
News

In summer 2023, the North Korea-affiliated threat actor Lazarus Group used its tried-and-true fake job lures to distribute a new remote access trojan named Kaolin RAT as part of attacks directed at certain targets in the Asia-Pacific area. In addition to performing typical remote access trojan (RAT) tasks, the malware can modify a file's last write timestamp and load any DLL binary received from a command-and-control server, according to a report released last week by Avast security researcher Luigino Camastra. The RAT also serves to deliver the FudModule rootkit, which exploits a now-patched admin-to-kernel vulnerability in the appid.sys driver (CVE-2024-21338, CVSS score: 7.8); once inside, it uses this exploit to obtain a kernel read/write primitive and eventually disable security p...
North Korea’s Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks
News

Since at least 2017, threat actors from the Democratic People's Republic of Korea (DPRK) have been increasingly focusing on the cryptocurrency industry as a significant means of generating revenue in order to evade sanctions placed on the nation. "The regime's ruling elite and its highly trained cadre of computer science professionals have privileged access to new technologies and information, despite the country's severe restrictions on movement both within and outside of it, and its general population's isolation from the outside world," cybersecurity firm Recorded Future said in a report shared with The Hacker News. For a select group of people with promise in computer science and mathematics, special access to resources, technologies, information, and occasionally international ...
North Korean Lazarus Group Targets Software Vendor Using Known Flaws
News

A recent campaign in which an unnamed software vendor was compromised by exploiting known security flaws in another widely used program has been attributed to the North Korea-aligned Lazarus Group. According to Kaspersky, the attack chains resulted in the threat actor deploying malware families including SIGNBT and LPEClient, a well-known hacking tool, for victim profiling and payload delivery. Security researcher Seongsu Park stated, "The adversary demonstrated a high level of sophistication, employing sophisticated evasion techniques and introducing SIGNBT malware for victim control." The attack was carried out by the SIGNBT malware, which used advanced techniques and a varied infection chain.
Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
News

As part of a long-running operation known as Operation Dream Job, the North Korea-affiliated Lazarus Group (also known as Hidden Cobra or TEMP.Hermit) has been observed luring defense-sector workers and nuclear engineers with trojanized versions of Virtual Network Computing (VNC) applications. According to Kaspersky's APT trends report for Q3 2023, "the threat actor tricks job seekers on social media into opening malicious apps for fake job interviews." The backdoored application operates covertly, becoming active only when the user chooses a server from the drop-down menu of the trojanized VNC client, so as to evade detection by behavior-based security solutions.
North Korea’s Lazarus Group Launders $900 Million in Cryptocurrency
News

As much as $7 billion in bitcoin has been illegally laundered through cross-chain crime, and the North Korea-linked Lazarus Group has been implicated in the theft of almost $900 million of that between July 2022 and July of this year. Blockchain analytics company Elliptic stated in new research released this week that "chain- or asset-hopping typologies are also on the rise" as traditional services such as mixers continue to be the target of seizures and sanctions scrutiny. Cross-chain crime is the practice of moving crypto assets rapidly across tokens or blockchains in an effort to conceal their origin, and it is a profitable way to cover up crypto thefts.
North Korea’s Lazarus Group Suspected in $31 Million CoinEx Heist
News

Since June 2023, the North Korea-linked Lazarus Group has stolen approximately $240 million in cryptocurrency, marking a sharp increase in its hacking activity. The notorious hacking group is suspected of stealing $31 million in digital assets from the CoinEx exchange on September 12, 2023, according to multiple reports from Certik, Elliptic, and ZachXBT. The CoinEx heist is the latest in a string of recent attacks that also cost Atomic Wallet $100 million, CoinsPaid $37.3 million, Alphapo $60 million, and Stake.com $41 million. Some of the funds stolen from CoinEx were sent to an address that the Lazarus Group had previously used to launder money taken from Stake.com.
Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
News

The Lazarus Group, a threat actor with ties to North Korea, has been observed exploiting a now-patched critical security flaw in Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan known as QuiteRAT. Healthcare organizations in Europe and the United States are among the targets, according to two-part research by cybersecurity company Cisco Talos. A closer look at the adversary's reuse of attack infrastructure in its cyberattacks on businesses also uncovered a new threat known as CollectionRAT. Talos noted that the Lazarus Group's continued reliance on the same tradecraft, despite the components being extensively documented, demonstrates the threat actor's confidence in its operations.
Crypto payments platform CoinsPaid loses $37M, points finger at Lazarus Group
News

A cyberattack on the European cryptocurrency payment network CoinsPaid resulted in the loss of $37.3 million. The Estonian company describes the attackers' haul as a "record low," while accusing North Korea's Lazarus Group of being responsible. Previous crypto heists by the Lazarus Group have caused losses of hundreds of millions of dollars or more: for instance, the group stole $625 million worth of cryptocurrency from the Ronin exchange, $721 million worth of bitcoin assets from Japan since 2017, and most recently $64 million in the attack on the Harmony blockchain. By comparison, the $37.3 million taken from the Estonian crypto company is insignificant. According to CoinsPaid's news statement, "In response to the attack, the company's dedicated team of experts has wor...