North Korean hackers used new software to attack cryptocurrency companies

North Korean hackers belonging to the Kimsuky group used a new malware variant known as Durian to launch attacks on South Korean cryptocurrency companies.

A Kaspersky threat report indicates that this software was used in targeted attacks on at least two crypto firms. The attackers gained their foothold by abusing legitimate security software used specifically by crypto firms in South Korea, an approach the report describes as “persistent penetration”.

Source: Kaspersky's X account

The previously unknown Durian malware acts as an installer that deploys a chain of further tools, including a backdoor known as "AppleSeed", a dedicated proxy tool known as LazyLoad, and legitimate software such as Chrome Remote Desktop.
“Durian has extensive backdoor functionality that allows you to execute transmitted commands, download additional files and exfiltrate files,” writes Kaspersky.
In addition, Kaspersky pointed out that the LazyLoad tool has also been used by the Andariel subgroup, which is part of the North Korean Lazarus Group. This suggests a connection between Kimsuky and the better-known Lazarus Group.
Active since 2009, Lazarus has established itself as one of the most notorious crypto-focused hacking groups.
On April 29, independent blockchain investigator ZachXBT reported that between 2020 and 2023 the Lazarus Group laundered more than $200 million in illegally obtained cryptocurrency. In the six years leading up to 2023, the group is believed to have stolen more than $3 billion worth of cryptocurrency assets.

In 2023, Lazarus is accused of stealing just over $309 million, more than 17% of all funds stolen that year. According to a Dec. 28 report from Immunefi, more than $1.8 billion in cryptocurrency was lost to hackers and exploits over the course of the year.
If you have become a victim of fraud, we advise you to read our article How to return stolen funds, in which we describe in detail the procedure for recovering funds and the steps you need to take. It is also worth turning to professionals for help.

We also remind you that you can check whether your crypto wallet is clean, perform AML verification of an address, and trace a transaction with our Btrace solution. AML wallet verification is free for every new user.
Check a blockchain address using Btrace
In seconds, determine the risk level of a counterparty's address, find out the source of its funds, and make an informed decision about whether to interact with it.