Recent Updates
17:00
Cobo Integrates with The Open Network (TON) to Enhance Digital Asset Custody Solutions
16:00
CleanSpark Surpasses 20 EH/s Bitcoin Mining Milestone
15:00
Bitcoin ETFs Face $13.62M Daily Net Outflows After Consecutive Inflows
14:00
Genesis Digital Eyes U.S. IPO Amid Market Surge
13:00
Chainlink Partners with Fidelity, Sygnum on NAV Project
12:00
Astar Network to Burn 5% of Supply, Boosting Token Value and Staker Rewards
11:00
Blast Unveils Phase 2 Rewards: 10B Tokens Allocated
Crypto:
30464
Bitcoin:
$60.501
% 2.81
BTC Dominance:
%53.2
% 0.36
Market Cap:
$2.29 T
% 1.43
Fear & Greed:
51 / 100
Bitcoin:
$ 60.501
BTC Dominance:
% 53.2
Market Cap:
$2.29 T
Genel

North Korean Hacker Gang Targets South Korean Crypto Business

Deniz
Update Date: 13 May 2024 16:15:42
SUBSCRIBE: Youtube Google News
North Korean Hacker Group
13
May

According to reports, the North Korean hacker gang known as Kimsuky has been making use of a newly developed malware version known as “Durian” in order to perform targeted attacks against South Korean cryptocurrency companies.

The incident is noted in a threat intelligence report that was only recently published by Kaspersky. The research conducted by Kaspersky indicates that the virus is specifically designed to crack and exploit the security software that is utilized by South Korean crypto businesses, of which at least two have been identified.

Following the analysis of our data, we were able to identify two victims operating within the bitcoin industry in South Korea. The initial compromise took place in August 2023, and then a second one took place in November of the same year.

“It is important to note that our investigation did not uncover any additional victims during these incidents, which indicates that the actor took a highly targeted approach,” the study stated.

Malware known as Durian is an example of an “initial-stage” installation. It does this by introducing further malware and establishing a method for persistence within the device or instance that it assaults. After being executed, the malicious software will produce a stage loader and then add it to the operating system that is exposed so that it can be executed automatically. The installation of the malicious software is completed with a concluding payload that is written in Golang, which is an open-source programming language developed by Google.

Following this, the final payload makes it possible to execute remote commands that tell the infected device to download and exfiltrate files. Due to the fact that Golang is efficient for networked machines and huge codebases, the choice of language is also questionable.

READ:  South Korean Altcoin Frenzy Fizzles: Upbit Trading Volume Crashes 75%

It is interesting to note that the research from Kaspersky also disclosed that Andariel, a sub-group inside the notorious North Korean hacking consortium Lazarus Group, has utilized LazyLoad, which is one of the techniques that Durian has deployed. Although Kaspersky defined the connection as “tenuous” at best, this study indicates that there may be a stronger connection between Kimsuky and Lazarus than was previously thought.

Since its inception in 2009, the Lazarus Group has successfully established itself as one of the most notorious gangs of crypto hackers. In a recent revelation, independent onchain sleuth ZachXBT disclosed that the gang has successfully laundered more than two hundred million dollars’ worth of illicitly obtained cryptocurrency between the years 2020 and 2023. Lazarus is accused of stealing more than three billion dollars’ worth of cryptocurrency assets over the course of the six years leading up to the year 2023.

The confiscation of 279 cryptocurrency accounts that were linked to North Korean threat instances was ordered by a court in the United States last week.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *