09 Jan 2020 Pavel Petrov
North Korean Hackers Use Telegram For Cryptocurrency Thefts
As the cryptocurrency sector strives for enhanced security, crypto hackers are trying to stay ahead of the game. Kaspersky Labs announced that the North Korean “Lazarus” hacking group is stepping up their game in terms of crypto thefts.
“Lazarus” seems to be updating their tactics and algorithms. The group now also “takes carefully planned steps” in their attacks, according to the Kaspersky research organization. One of the latest updates is the way the malware code is stored in victim computers. Hackers are now using the RAM or GPU memory to store and execute the malicious software. Furthermore, “Lazarus” is changing the way the group finds victims – they are more and more migrating toward Telegram, turning it into one of their most crucial attack channels.
The so-called “Operation AppleJeus Sequel” is a callback to the original AppleJeus campaign, which started at the end of 2018 and operated for most of 2019. Kaspersky researchers note that the main principle of the attacks remains the same – hackers are using fake crypto trading platforms to lure victims into their trap. The platforms are connected via a series of links to counterfeit trading groups on Telegram.
The victim profile is rather broad, but include several businesses with crypto wallets. The malware attack resembles a payload attack, mostly delivered via Telegram. If a machine is infected, attackers can gain full control over the victim, as well as use the device as a hub for further malware attacks. One thing, however, is certain – “Lazarus” aims their efforts solely on cryptocurrencies.
The researchers at Kaspersky noted a trend in the hacker attacks – the majority of fake trading platforms are built on free website templates. Most of the sites contain active links to fake Telegram groups, where the infection most probably happens. One of the oldest groups was created back in December 2018 going “under the radar” for a whole year, before Kaspersky uncovered it.
The Kaspersky team identified several victims, based all across the world – there are corporate entities from the United Kingdom, China, Poland, and Russia. As of press time, there is no clear data about how much worth of cryptocurrencies the hackers managed to steal.
Back in August 2019, the United Nations published a report stating that North Korean hacking groups allegedly stole over $2 billion worth of cryptocurrencies. Hackers’ primary victims were crypto exchanges and financial institutions.Cryptocurrency Crypto Market crypto trading exchange crypto news Hacks Financial institution malware