A hacker group linked to the North Korean regime has continued its attempts to extort cryptocurrency into 2020.
According to a report released by Chainalysis, a group of North Korean hackers operating under the name "Lazarus" has targeted several crypto exchanges in the past year.
One of the attacks involved the creation of a fake trading bot that was pitched to employees of the DragonEx exchange. The findings show that the hackers stole approximately $7 million in various cryptocurrencies from the Singapore-based exchange in March 2019.
In June, cybersecurity firm Cyfirma warned of a massive phishing campaign that a North Korean hacking group was preparing to launch.
The campaign was intended to target six countries and over 5 million companies and individuals. There are currently no clear indications that the group intends to go ahead with this large-scale attack.
Authorities sanction accomplices
The hacker group is also believed to have stolen $571 million in cryptocurrencies since the beginning of 2017, according to Group-IB's cybercrime study.
In March, the US Office of Foreign Assets Control, or OFAC, sanctioned Chinese nationals accused of laundering cryptocurrency that had been stolen in 2018.
A new strain emerges
On July 28, research published by antivirus and anti-malware company Kaspersky revealed that Lazarus had created a new ransomware program. This new threat, known as VHD, is aimed primarily at the internal networks of companies in the financial sector.
James McQuiggan, security awareness advocate at KnowBe4, explained to Cointelegraph how the VHD ransomware works:
"VHD is a concept similar to a USB storage device. Instead of physically inserting a USB drive into a port on your computer, the VHD file can be loaded onto the system to start the ransomware attack process. For criminals, this means they do not need physical access, only electronic access to deliver the file. This type of attack requires access to systems. By exploiting infrastructure or external and weak systems, they get the access they need."
The group is operating on its own
Kaspersky researchers speculated about possible reasons for Lazarus acting alone:
“We can only speculate as to why they are now conducting separate operations. They may find it difficult to deal with cybercrime, or they may feel that they can no longer afford to profit from third parties.”
Lazarus typically breaks into a corporate network and encrypts its data. It then approaches the victims with a ransom demand, with a stated preference for payment in Monero (XMR).