Recent Updates
00:33
WLD And BNB Coin Analysis
23:59
Binance Announces Updates to Monitoring Tags for Multiple Tokens
23:45
Jasmy and Reef Price Analysis - 1July 2024
23:30
Bitcoin Price Poised for Summer Rally as Analysts Predict July Bull Run
23:00
Binance Futures Introduces USDC-Margined CRV Perpetual Contract
22:30
Marine Le Pen's Party Leads in the First Round of Elections in France, MiCA Statements Made
22:00
Australia Emerges as a Leader in Crypto Adoption with VanEck's Bitcoin ETF Launch
Crypto:
30453
Bitcoin:
$63.156
% 0.30
BTC Dominance:
%53.6
% 0.16
Market Cap:
$2.33 T
% 1.88
Fear & Greed:
53 / 100
Bitcoin:
$ 63.156
BTC Dominance:
% 53.6
Market Cap:
$2.33 T
Crypto News

North Korean Hackers Target South Korean Crypto Firms with New “Durian” Malware Variant

Yahya
Update Date: 13 May 2024 10:39:59
SUBSCRIBE: Youtube Google News
Hacker
13
May

Rumours have started of a new cyber threat that is emanating from North Korea as a state-sponsored hacking group called Kimsuky releases a dangerous malware variant that they call “Durian” on the South Korean cryptocurrency companies. This is considered by cybersecurity experts as a major step up in the continuous battle between the two countries in cyberspace.

Unveiling the Threat

In a recent threat report by Kaspersky, a major cybersecurity company, it was revealed that Kimsuky deployed the malware Durian for targeted attacks against at least two South Korean crypto companies. Kaspersky called the attack “persistent,” noting that the exploitation of legitimate security software targeted the crypto industry in South Korea.

The Anatomy of Durian

Durian, previously unaccounted for and unnamed by security researchers, acts as a multifaceted installer, allowing for the constant deployment of malicious tools. Some of these tools include the infamous “AppleSeed” backdoor, a custom proxy tool called LazyLoad, and even seemingly innocuous software such as Chrome Remote Desktop. Kaspersky explained the capacities of Durian, highlighting the complete backdoor capability for command execution, file downloading, and data exfiltration.

Lazarus Linkage

Particularly, Kaspersky linked the Durian campaign with the notorious North-Korean hacking team, the Lazarus Group. Andariel, a Lazarus subgroup, had also used LazyLoad, a component of Durian. This connection implies that there is cooperation or common resources between Kimsuky and the notorious Lazarus Group.

The Lazarus Ledger

The association of the Lazarus Group with crypto heists dates back to the year of its emergence, which is 2009. Lately, blockchain investigator ZachXBT uncovered the widespread money laundering operations of Lazarus, uncovering a mind-blowing $200 million laundered between 2020 and 2023. Accusations against Lazarus total over $3 billion in crypto theft over six years, with a chunk of 17%, or approximately $309 million, from their 2023 activities.

READ:  Hacker Launders 1100 ETH Through Tornado Cash

The evolution of the cyber battlefield gave rise to Durian and reflected the North Korean threat actors’ quest for monetary profits. While the shadow of Lazarus is still present in the crypto world, the affirmative force of South Korean organizations and the watchfulness of cybersecurity specialists are crucial in stopping such intricate attacks.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *