en
Back to the list

North Korean Hacking Groups Found Using Telegram to Steal Cryptocurrency

source-logo  cryptoglobe.com  + 6 more 10 January 2020 04:40, UTC

Lazarus, a well-known hacking group believed to have ties to the North Korean regime, is reportedly using the privacy-centric messaging app Telegram to steal cryptocurrency.

According to Kaspersky’s cybersecurity researchers, evidence suggests Lazarus has been changing its attack methodology by taking “more careful steps” and employing “improved tactics and procedures” to steal Telegram users’ cryptocurrency.

Telegram is one of the most popular messaging platforms in the cryptocurrency community, so much so it’s even launching its own cryptocurrency, Gram, on its own TON blockchain. Lazarus’ attack vector is centered on fake cryptocurrency trading platforms, used to lure in victims.

Kaspersky’s researchers revealed Lazarus has been setting up fake cryptocurrency trading firms with websites that have links to social media platforms, including fake Telegram trading groups. In one instance, a Windows user was infected with malicious files via Telegram, and not via the fake crypto trading platform itself.

Another #Lazarus #macOS #trojan
md5: 6588d262529dc372c400bef8478c2eec
hxxps://unioncrypto.vip/

Contains code: Loads Mach-O from memory and execute it / Writes to a file and execute it@patrickwardle @thomasareed pic.twitter.com/Mpru8FHELi

— Dinesh_Devadoss (@dineshdina04) December 3, 2019

The researchers added they found various fake crypto exchanges, and that they believe these were created using free web templates. While Kaspersky only found these groups now, at least one was created back in December 2018.

The malware used on victims gives the North Korean hacking group control of the compromised device. Lazarus is known for going after financial institutions, and in recent years targeting cryptocurrency businesses. Identified victims from Poland, the UK, Russia, and China confirmed they were cryptocurrency businesses.

As CryptoGlobe reported, in March 2019 Kaspersky warned Lazarus’ targets were still businesses dealing with cryptocurrencies, warning extra caution was necessary when “dealing with new third parties or installing software.”

A UN reported from August 2019 revealed it was believed Lazarus managed to net the North Korean government was much as $2 billion through attacks on cryptocurrency exchanges and other financial institutions. South Korea’s largest crypto exchange Bithumb, which was hacked two times in the past, is believed to have been one of their targets.

cryptoglobe.com

Similar news (6)
Add similar news

Add similar news

Send us a link to a similar news story on another source.

Why do we need it

The citation rate of a news item indicates its importance and significance. The number of mentions in different sources allows you to look at an event from different angles.

Please help us improve the application. If we have published news and you have found a similar one in another source, send us a link to it.