Lazarus Group, also known as HIDDEN COBRA, is a cybercrime group responsible for many cyber attacks worldwide. The Next Web reports that the group is now linked to $571 million in cryptocurrency theft. The North Korean hacker group Lazarus is responsible for stealing over half a billion dollars in cryptocurrency since 2017.
Group-IB, one of the leading information security companies, has investigated and released its annual report on trends in hi-tech cybercrime. The study was based on data gathered from the Group-IB Threat Intelligence system.
Group-IB’s report further explained that some hacker groups will likely shift their focus to cryptocurrency exchanges. The report also stated that Lazarus has carried out 14 attacks on cryptocurrency exchanges since January 2017 and is responsible for $571 million in crypto theft. The group regularly uses established techniques and tools such as spear phishing, social engineering, and malware.
The Next Web further quoted the report:
“Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam [with an attachment] that has malware embedded in the document,” the summary explains. “After the local network is successfully compromised, the hackers browse the local network to find workstations and servers used for working with private cryptocurrency wallets.”
Phishers Stole 56% of ICO Funds
The report also explains that 10% of the cumulative funds raised by ICO platforms since 2017 have been stolen. The bulk of the funds were lost to phishing. According to Group-IB, the hackers take advantage of “crypto-fever,” where users are so gripped by a fear of missing out that they rush to contribute to new cryptocurrency schemes as fast as possible, without checking for fake domain names.
It further said:
“Fraudulent phishing schemes involving crypto-brands will only get more complex, as will cybercriminals’ level of preparation for phishing attacks,” the group warns. “Automated phishing and the use of so-called ‘phishing kits’ will become more widespread, including for attacks on ICOs.”
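The report's point about users not checking for fake domain names, and its warning that phishing kits will make such domains cheaper to mass-produce, is the kind of check an exchange or ICO security team can automate. The following Python detector is an added example written for this page; it is not code from the article or from Group-IB's report. The brand watchlist, the known-good domain set, the confusable-character table and all sample domains are constructed assumptions, and it assumes the registrable name is the last two labels (a single-label public suffix).

```python
"""Flag lookalike domains that imitate cryptocurrency brands.

Added example; brand list, known-good domains, confusable table and all
sample inputs are constructed assumptions, not data from the report.
"""
import unicodedata

# Constructed watchlist: brand labels and the domains they genuinely use.
BRANDS = ("binance", "coinbase", "myetherwallet")
KNOWN_GOOD = {"binance.com", "coinbase.com", "myetherwallet.com"}

# Characters attackers substitute for Latin letters. Multi-character entries
# come first so "rn" -> "m" runs before the single-character digit mappings.
CONFUSABLES = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u04cf": "l",  # Cyrillic с х і ӏ
}


def normalize_label(label: str) -> str:
    """Reduce one DNS label to the plain ASCII string a human would perceive."""
    if label.startswith("xn--"):                       # punycode (IDNA) label
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass                                       # malformed: keep as-is
    label = unicodedata.normalize("NFKD", label)       # split accents from base letters
    label = "".join(c for c in label if not unicodedata.combining(c))
    label = label.lower()
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_verdict(domain, brands=BRANDS, known_good=KNOWN_GOOD, max_distance=1):
    """Return (reason, brand) when `domain` imitates a brand, else None."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    if ".".join(labels[-2:]) in known_good:
        return None                                     # the genuine site itself
    raw = labels[-2]                                    # registrable label (assumption)
    norm = normalize_label(raw)
    norm_all = [normalize_label(l) for l in labels]
    for brand in brands:
        if raw == brand:
            return ("tld-swap", brand)                  # brand name under another TLD
        if norm == brand:
            return ("homoglyph", brand)                 # visually identical label
        if levenshtein(norm, brand) <= max_distance:
            return ("typosquat", brand)                 # one keystroke away
        if any(brand in l for l in norm_all):
            return ("brand-embedded", brand)            # e.g. binance-login.example
    return None


if __name__ == "__main__":
    # Constructed sample of domains as they might appear in newly registered
    # domain feeds or in URLs extracted from reported phishing mail.
    for d in ("www.binance.com", "coinbase.co", "b\u0456nance.com",
              "binnance.com", "binance-login.example", "example.com"):
        print(f"{d:28} -> {lookalike_verdict(d)}")
```

In practice the distance threshold produces false positives for short brand names (a genuine seven-letter word one edit away from a brand will be flagged), so the verdict is better used to queue domains for review or to feed a mail-gateway block list than to act on automatically.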
About Lazarus Group
The Lazarus group is responsible for “Operation Troy”, a cyber-espionage campaign that used unsophisticated distributed denial-of-service (DDoS) techniques to target the South Korean government in Seoul. The attacks took place from 2009 to 2012. It is not yet clear who is really behind the group, but several media reports have suggested it is a North Korean group.
A few days ago, this group was found using macOS malware and a fake installer to hack a cryptocurrency exchange. The Lazarus group is a major player in the Advanced Persistent Threat (APT) world.
This group is largely involved in cyber crimes such as cyber espionage and cyber sabotage, and it also hacks banks and other financial companies around the world. Over the last few months, Lazarus has compromised various banks and penetrated a number of global cryptocurrency exchanges and fintech companies.
In this case, the victims were infected through a trojanized cryptocurrency trading application that had been suggested to the company over email. It was further found that a company employee had willingly downloaded the third-party application from a legitimate-looking website, after which their computer was infected with malware known as Fallchill. Fallchill is an old tool that Lazarus has started using again. Subsequently, to avoid being blocked by the operating system, the hackers developed malware for other platforms such as macOS. This shows that the Lazarus group is now targeting non-Windows platforms.
Group-IB also said that the world’s biggest mining pools may become an obvious target for state-sponsored hackers, and that attempted ‘51-percent attacks’ are becoming more common. For a 51% attack to succeed, hackers need to control a majority of the total computing power used by a Proof-of-Work blockchain. In the first half of 2018, five major attacks were recorded, with direct financial damage ranging from $0.55 million to $18 million.
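The majority-hashrate requirement can be made concrete. An attacker who controls a fraction q of the hashing power and tries to rewrite a block that is z confirmations deep succeeds with the probability given in the Bitcoin whitepaper (Poisson-weighted gambler's ruin); for q below one half that probability falls off exponentially with z, and for q of one half or more it is 1 no matter how long an exchange waits. The Python below is an added example for this page, not code from the article or from Group-IB; it implements that formula and derives the confirmation depth an exchange would need for a chosen risk tolerance. The 0.1% tolerance and the hashrate fractions in the demo are constructed inputs.

```python
"""Attacker success probability for rewriting a z-deep block (Bitcoin whitepaper, §11).

Added example. Formula: P = 1 - sum_{k=0..z} Poisson(k; lam) * (1 - (q/p)^(z-k)),
with p = 1 - q and lam = z*q/p, valid for q < p; for q >= p the attacker always wins.
"""
import math


def _poisson_pmf(k: int, lam: float) -> float:
    """Poisson probability mass, computed in log space so large z does not overflow."""
    if lam == 0.0:
        return 1.0 if k == 0 else 0.0
    return math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))


def attacker_success(q: float, z: int) -> float:
    """Probability that an attacker with hashrate share q catches up from z blocks behind."""
    if q >= 0.5:
        return 1.0                       # majority hashrate: catch-up is certain
    p = 1.0 - q
    lam = z * q / p                      # expected attacker blocks while honest chain mines z
    total = 0.0
    for k in range(z + 1):
        total += _poisson_pmf(k, lam) * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, threshold: float = 0.001, max_z: int = 1000):
    """Smallest confirmation depth z with attacker_success(q, z) < threshold.

    Returns None when no depth achieves it (q >= 0.5, or beyond max_z).
    """
    if q >= 0.5:
        return None
    for z in range(max_z + 1):
        if attacker_success(q, z) < threshold:
            return z
    return None


if __name__ == "__main__":
    # Constructed demo: what deposit-confirmation policy does each attacker share imply?
    for q in (0.10, 0.30, 0.45, 0.51):
        z = confirmations_needed(q)
        print(f"attacker share {q:.2f}: confirmations for <0.1% risk = {z}")
```

The table this prints is the defender's side of the report's observation: an exchange crediting deposits on a chain where a single pool or coalition holds a large hashrate share has to wait far longer, and once the share crosses 50% no confirmation count makes a deposit final.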
In August 2018, Group-IB investigated and analyzed 720 account leaks (logins and passwords) from 19 cryptocurrency exchanges. The study was based on data gathered from the Group-IB Threat Intelligence system.
According to its report, the number of compromised login credentials is rising massively. Compared with 2016, the number of compromised accounts in 2017 surged by 369%, and in 2018, amid the excessive hype around cryptocurrencies, it increased by 689%. The report further said that every third user from the USA is a victim of a cryptocurrency cyber attack. The top three victim countries are the USA, Russia, and China.