The Lazarus Group, a hacking team said to be a division of North Korea’s state hackers, is reportedly still trying to hack cryptocurrency-related businesses, presumably in an attempt to help the rogue state bypass sanctions.
According to cybersecurity firm Kaspersky, the Lazarus Group has an ongoing campaign in which it’s targeting cryptocurrency firms with malicious documents that can download and install Windows or Mac malware.
The firm has warned those in the cryptocurrency industry to be careful, while adding that users should never ‘enable content’ in Microsoft Office documents received from sources they don’t know.
If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems.
The attacks continue the North Korean hacking group’s earlier campaigns against cryptocurrency exchanges, which reportedly netted the group over $571 million worth of cryptocurrency between January 2017 and September 2018.
Data suggests Pyongyang has earned roughly $670 million worth of foreign currency and cryptocurrencies through cyberattacks conducted by the Lazarus Group, which has continued operating despite public disclosure of its operations. Its goal, according to a UN Panel, may be to help North Korea bypass sanctions.
South Korea has directly accused North Korea of stealing millions from its cryptocurrency exchanges, and officials have looked into whether the Lazarus Group had any involvement in the hack of $530 million worth of NEM from Coincheck. The hacking team has also been known to target individual cryptocurrency investors, not just businesses.
While North Korea’s hackers are known to pursue intelligence gathering as well as cryptocurrency hacks and fiat currency thefts, the Lazarus Group is reportedly focused solely on getting funds.
Notably, a Singapore-based cryptocurrency exchange called DragonEX was recently hacked, with users’ crypto “transferred and stolen.” The firm revealed which wallets were associated with the incident.
Something appears to be going on with @CoinBene. Users claim the exchange was hacked as large amounts of tokens are leaving its wallets and deposits and withdrawals are frozen, but the exchange claims it's undergoing maintenance. https://t.co/3Z4qfKMNBj
— Francisco Memoria (@FranciscoMemor) March 26, 2019
Another exchange, CoinBene, has users concerned over an unannounced maintenance period that saw deposits and withdrawals get frozen. Users also noticed large transactions going out of its wallets.