The Lazarus Group, the hacking organization previously linked to North Korea, has been tied to a new campaign that compromises systems in order to steal cryptocurrency from its victims. The campaign uses a modified version of the group's existing AppleJeus malware and reaches targets through a cryptocurrency-themed website and through malicious documents.
Modified Lazarus malware masquerading as a crypto site
Lazarus, the North Korea-linked hacking group, is infecting systems through fake crypto sites in order to steal information and cryptocurrency from victims.
Lazarus has used this approach before. What is new is that the malware now incorporates techniques intended to "confuse and slow down" detection.
Document Macros
Volexity also found that the method used to deliver the malware to end users changed in October. The campaign now uses Microsoft Office documents, specifically spreadsheets containing macros. A macro is a small program embedded in a document; here it is designed to install the AppleJeus malware on the victim's computer.
The document, named "OKX Binance & Huobi VIP Rate Comparison.xls", displays a comparison of the perks the VIP programs of those three exchanges supposedly offer at each tier. To mitigate this type of attack, it is recommended to block macro execution in documents, to scrutinize and monitor the creation of new tasks in the operating system, and to watch for new, unidentified tasks running in the background. Volexity did not say how many victims the campaign reached.
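The task-monitoring part of that advice can be put into practice by reviewing Windows Security event 4698 ("A scheduled task was created"). The Python triage script below is an added example, not code from Volexity or from the original article. It assumes that "new tasks in the OS" means scheduled tasks; the three event records it processes are constructed for illustration, with the field names (SubjectUserName, TaskName, TaskContent) following the layout of a real 4698 record but with made-up values. The heuristics are generic ones (an action that runs a script host or a rundll32-style proxy binary, an action that points into a user-writable directory, or a task registered outside the \Microsoft\Windows tree), not indicators taken from the campaign.

```python
"""Triage Windows Security event 4698 ("A scheduled task was created").

Added example, not the article's or Volexity's code.  The SAMPLE_EVENTS
below are constructed: the field names mirror a real 4698 record, the
values do not come from any real incident.
"""
import re
import xml.etree.ElementTree as ET

# Namespace used by the TaskContent XML that the Task Scheduler logs.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Script hosts and proxy binaries that a macro-dropped task typically points at.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "powershell.exe", "cmd.exe", "msiexec.exe"}

# Directories an unprivileged user can write to; legitimate scheduled tasks
# almost never execute a binary that lives there.
USER_WRITABLE = re.compile(
    r"(\\users\\[^\\]+\\appdata\\|%appdata%|%localappdata%|%temp%|\\temp\\|\\public\\)",
    re.IGNORECASE,
)

def parse_task_content(task_xml: str):
    """Return (command, arguments) pairs from every <Actions><Exec> entry."""
    root = ET.fromstring(task_xml)
    actions = []
    for exec_el in root.findall(".//t:Actions/t:Exec", TASK_NS):
        cmd = exec_el.findtext("t:Command", default="", namespaces=TASK_NS).strip()
        args = exec_el.findtext("t:Arguments", default="", namespaces=TASK_NS).strip()
        actions.append((cmd, args))
    return actions

def triage_event(event: dict):
    """Score one record.  Returns (severity, reasons); severity is None if nothing fired."""
    if event.get("EventID") != 4698:
        return None, []
    strong, weak = [], []
    # Weak signal: third-party software legitimately registers tasks outside this tree.
    if not event["TaskName"].startswith("\\Microsoft\\Windows\\"):
        weak.append("task registered outside the \\Microsoft\\Windows tree")
    for cmd, args in parse_task_content(event["TaskContent"]):
        base = cmd.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base in LOLBINS:
            strong.append(f"action runs {base} with arguments: {args}")
        if USER_WRITABLE.search(cmd) or USER_WRITABLE.search(args):
            strong.append("action references a user-writable directory")
    if strong:
        return "high", strong + weak
    if weak:
        return "low", weak
    return None, []

def triage_log(events):
    """Return {task_name: (severity, reasons)} for every record worth a look."""
    findings = {}
    for ev in events:
        severity, reasons = triage_event(ev)
        if severity:
            findings[ev["TaskName"]] = (severity, reasons)
    return findings

# Constructed records (not real telemetry).  The first mimics the shape of a
# macro-dropped persistence task; the second is a stock Windows task; the third
# is a fictional third-party updater that only trips the weak signal.
SAMPLE_EVENTS = [
    {"EventID": 4698, "SubjectUserName": "alice", "TaskName": "\\OfficeUpdateCheck",
     "TaskContent": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\Windows\System32\rundll32.exe</Command>
    <Arguments>"C:\Users\alice\AppData\Roaming\update\helper.dll",Start</Arguments>
  </Exec></Actions></Task>"""},
    {"EventID": 4698, "SubjectUserName": "SYSTEM",
     "TaskName": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "TaskContent": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author"><Exec>
    <Command>%windir%\system32\defrag.exe</Command><Arguments>-c -h -o</Arguments>
  </Exec></Actions></Task>"""},
    {"EventID": 4698, "SubjectUserName": "bob", "TaskName": "\\AcmeUpdater",
     "TaskContent": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author"><Exec>
    <Command>C:\Program Files\Acme\updater.exe</Command><Arguments>/check</Arguments>
  </Exec></Actions></Task>"""},
]

if __name__ == "__main__":
    for name, (severity, reasons) in triage_log(SAMPLE_EVENTS).items():
        print(f"[{severity}] {name}")
        for reason in reasons:
            print(f"    - {reason}")
```

Two caveats when running this against a real Security log: event 4698 is only written when the "Audit Other Object Access Events" subcategory is enabled, so check that audit policy first, and the "low" bucket is noise without an allowlist of the tasks your own software installs, which is why it is kept separate from the strong signals.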
In February 2021 the U.S. Department of Justice (DOJ) unsealed an indictment against Lazarus operatives, charging members of North Korea's military intelligence agency, the Reconnaissance General Bureau (RGB). Earlier, in March 2020, the DOJ had indicted two Chinese nationals for helping launder more than $100 million in cryptocurrency stolen in Lazarus operations.
Image Credits: Shutterstock, Pixabay, Wiki Commons