% 4.22
BTC Dominance:
% 0.13
Market Cap:
$2.44 T
% 3.67
Fear & Greed:
74 / 100
$ 69.773
BTC Dominance:
% 54.4
Market Cap:
$2.44 T

North Korean Hackers Target South Korean Crypto Firms with New “Durian” Malware Variant


Rumours have started of a new cyber threat that is emanating from North Korea as a state-sponsored hacking group called Kimsuky releases a dangerous malware variant that they call “Durian” on the South Korean cryptocurrency companies. This is considered by cybersecurity experts as a major step up in the continuous battle between the two countries in cyberspace.

Unveiling the Threat

In a recent threat report by Kaspersky, a major cybersecurity company, it was revealed that Kimsuky deployed the malware Durian for targeted attacks against at least two South Korean crypto companies. Kaspersky called the attack “persistent,” noting that the exploitation of legitimate security software targeted the crypto industry in South Korea.

The Anatomy of Durian

Durian, previously unaccounted for and unnamed by security researchers, acts as a multifaceted installer, allowing for the constant deployment of malicious tools. Some of these tools include the infamous “AppleSeed” backdoor, a custom proxy tool called LazyLoad, and even seemingly innocuous software such as Chrome Remote Desktop. Kaspersky explained the capacities of Durian, highlighting the complete backdoor capability for command execution, file downloading, and data exfiltration.

Lazarus Linkage

Particularly, Kaspersky linked the Durian campaign with the notorious North-Korean hacking team, the Lazarus Group. Andariel, a Lazarus subgroup, had also used LazyLoad, a component of Durian. This connection implies that there is cooperation or common resources between Kimsuky and the notorious Lazarus Group.

The Lazarus Ledger

The association of the Lazarus Group with crypto heists dates back to the year of its emergence, which is 2009. Lately, blockchain investigator ZachXBT uncovered the widespread money laundering operations of Lazarus, uncovering a mind-blowing $200 million laundered between 2020 and 2023. Accusations against Lazarus total over $3 billion in crypto theft over six years, with a chunk of 17%, or approximately $309 million, from their 2023 activities.

READ:  Kiyosaki Doubles Down on Crypto, Sees Bitcoin as Perfect Asset

The evolution of the cyber battlefield gave rise to Durian and reflected the North Korean threat actors’ quest for monetary profits. While the shadow of Lazarus is still present in the crypto world, the affirmative force of South Korean organizations and the watchfulness of cybersecurity specialists are crucial in stopping such intricate attacks.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *