North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Volexity, a cybersecurity firm based in Washington, D.C., has linked Lazarus, a North Korean hacker group already sanctioned by the U.S. government, to a threat involving the use of a crypto site to infect systems and steal information and cryptocurrency from third parties.
A blog post published on December 1 indicated that in June, Lazarus registered the site “bloxholder.com” for a firm that would subsequently offer automated cryptocurrency trading services. Using this site as a front, Lazarus persuaded users to download an application containing the Applejeus malware, which was designed to steal private keys and other data from the users’ systems.
Lazarus has used this approach before. What is new is a technique that, in Volexity's words, lets the application “confuse and slow down” malware detection. Volexity also found that the delivery method changed in October: the campaign moved to Office documents, specifically a spreadsheet carrying macros (small embedded programs, in this case used to install the AppleJeus malware on the victim's computer).
The document, named “OKX Binance & Huobi VIP fee comparision.xls,” lays out the benefits that each of these exchanges' VIP programs supposedly offers at its different tiers. To mitigate this kind of attack, it is recommended to block macro execution in documents and to scrutinize and monitor the creation of new tasks in the operating system, so that unidentified tasks running in the background are noticed. Volexity did not, however, disclose how far this campaign has spread.
The U.S. Department of Justice (DOJ) formally charged Lazarus in February 2021, describing it as a group operating with ties to a North Korean intelligence agency, the Reconnaissance General Bureau (RGB). Before that, in March 2020, the DOJ charged two Chinese nationals with helping to launder more than $100 million in cryptocurrency tied to Lazarus' activities.