Binance Square
LazarusGroup
Crypto-D-Ooshen
Cryptocurrency on-chain analyst X-explore suggests similarities between the Poloniex hacking and a previous attack on Stake.com by the Lazarus Group, a North Korean-linked hacker group. The pattern involves depositing different tokens in distinct addresses, with each address storing only one type of token, as observed in both incidents. #CryptoHackingAnalysis #LazarusGroup #BitcoinWorld
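One way to encode the one-token-per-address heuristic described above as a check over outgoing transfer records. This is an added illustration, not X-explore's or the poster's own tooling; the transfer list, the `HOT` source label and the addresses are constructed placeholders, not real on-chain data.

```python
from collections import defaultdict

# Constructed sample transfers (source, destination, token). "HOT" stands in for
# a compromised exchange hot wallet; every other value is a placeholder.
SAMPLE_TRANSFERS = [
    ("HOT", "0xa1", "USDT"), ("HOT", "0xa1", "USDT"),
    ("HOT", "0xa2", "USDC"),
    ("HOT", "0xa3", "WETH"),
    ("HOT", "0xa4", "LINK"),
    ("HOT", "0xb1", "USDT"), ("HOT", "0xb1", "DAI"),   # one address, two tokens
    ("0xz9", "0xa1", "DAI"),                            # inflow from elsewhere, ignored
]

def outflows_by_destination(transfers, source):
    """Set of token symbols each destination received from `source`."""
    dest_tokens = defaultdict(set)
    for src, dst, token in transfers:
        if src == source:
            dest_tokens[dst].add(token)
    return dest_tokens

def one_token_per_address(transfers, source, min_addresses=3):
    """Flag the fan-out pattern: outflows from `source` land in several addresses
    that each hold exactly one token type, covering several distinct tokens.
    Returns (flagged, {single_token_address: token}, [mixed_token_addresses])."""
    dest_tokens = outflows_by_destination(transfers, source)
    singles = {dst: next(iter(toks)) for dst, toks in dest_tokens.items() if len(toks) == 1}
    mixed = sorted(dst for dst, toks in dest_tokens.items() if len(toks) > 1)
    distinct_tokens = len(set(singles.values()))
    flagged = len(singles) >= min_addresses and distinct_tokens >= min_addresses
    return flagged, singles, mixed

if __name__ == "__main__":
    flagged, singles, mixed = one_token_per_address(SAMPLE_TRANSFERS, "HOT")
    print("pattern present:", flagged)
    for addr, tok in sorted(singles.items()):
        print(f"  {addr} <- {tok} only")
    print("addresses holding several tokens (review separately):", mixed)
```

The mixed-token addresses are reported rather than discarded, since an analyst will usually want to look at them before deciding whether they belong to the same cluster.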

Unmasking the Kandykorn Malware: North Korean Lazarus Group Targets Blockchain Engineers

In a chilling revelation, Elastic Security Labs, a prominent cybersecurity research firm, has unearthed a sophisticated cyber intrusion believed to be orchestrated by North Korean hackers associated with the infamous Lazarus group. This highly advanced operation, codenamed REF7001, unfolded in an unexpected manner, involving a newly identified macOS malware named Kandykorn. What sets this intrusion apart is its specific focus on blockchain engineers engaged in the cryptocurrency exchange sector. The malware's method of distribution, as well as its intricacies, have raised eyebrows in the cybersecurity community.

The Intricate Dance of Kandykorn
The Kandykorn malware employed in this cyber operation is far from ordinary. It initiates communication with a command-and-control (C2) server through an encrypted RC4 connection and boasts a unique handshake mechanism. However, its most striking feature is its patience – it quietly waits for instructions, enabling the hackers to discreetly control the compromised systems.
Elastic Security Labs has provided valuable insights into the capabilities of Kandykorn, highlighting its proficiency in performing a range of tasks, including file uploads and downloads, process manipulation, and executing arbitrary system commands. Moreover, the malware employs a technique known as reflective binary loading, a fileless execution method often associated with the notorious Lazarus Group.

The Lazarus Group Connection
Extensive evidence links this cyberattack to the Lazarus Group, a hacking collective believed to be based in North Korea. The connections between this intrusion and previous Lazarus Group activities are striking. These include similarities in attack techniques, shared network infrastructure, the use of specific certificates to sign malicious software, and custom methods utilized to detect Lazarus Group operations.
The web of connections goes further, with on-chain transactions revealing ties between security breaches at prominent cryptocurrency platforms like Atomic Wallet, Alphapo, CoinsPaid, Stake.com, and CoinEx. This evidence solidifies the belief in the Lazarus Group's involvement in these cyber exploits, raising concerns about their continued efforts in the cryptocurrency space.
The Imperative of Robust Cybersecurity Measures

Elastic Security Labs' findings serve as a stark reminder of the importance of implementing robust cybersecurity measures. As the cryptocurrency industry continues to expand and gain prominence, it becomes an increasingly attractive target for cybercriminals. Protecting against sophisticated threats like Kandykorn and the Lazarus Group necessitates a multi-faceted approach, involving rigorous network monitoring, intrusion detection, and employee awareness.
In an era where data breaches and cyberattacks are not a matter of "if" but "when," the need for proactive and comprehensive cybersecurity strategies is paramount. The Lazarus Group's latest intrusion into the cryptocurrency sector serves as a wake-up call, urging the industry to remain vigilant and committed to safeguarding the digital assets and technologies that underpin this evolving financial landscape.
#LazarusGroup #northkorea
$BTC $ETH $XRP
In 2023, the #LazarusGroup, a North Korean hacking organization, utilized the cryptocurrency mixer #YoMix for laundering stolen crypto, according to a report by #Chainalysis. The report also highlighted a decline in crypto money-laundering activity to $22.2 billion from $31.5 billion in 2022, partly due to the sanctions or closure of mixing services #TornadoCash and #Sinbad. Despite an overall decrease in crypto transaction volume, YoMix experienced significant growth, with one-third of its inflows traced back to wallets associated with crypto hacks. The Lazarus Group adapted by employing cross-chain bridges for obfuscation. In another development, the bankrupt crypto platform Celsius has distributed $2 billion worth of crypto to creditors, with payments made via PayPal for US creditors and Coinbase for overseas holders. Meanwhile, in Indonesia, Prabowo Subianto and his pro-crypto running mate Gibran Rakabuming Raka are likely to become the next president and vice president, potentially boosting the country's crypto-friendly policies, as Indonesia already boasts 18 million registered crypto investors. In the cryptocurrency market, Bitcoin is up 0.40% at $51,874.10, and Ethereum is up 0.86% at $2,810.75.
North Korean Hackers Lazarus Group Stole $3B in Cryptocurrency.

The hacker group stole the funds over the last six years, which were likely used to fund the country's projects, a report said.

North Korea-linked hacker organization Lazarus Group has stolen $3 billion in cryptocurrency over the past six years, according to a report by cybersecurity firm Recorded Future.

The report released on Thursday reveals that in 2022 alone, the group plundered $1.7 billion in cryptocurrency, likely to fund North Korean projects.

Blockchain data analysis firm Chainalysis indicates that out of this total, $1.1 billion was stolen from decentralized finance (DeFi) platforms. A September report published by the U.S. Department of Homeland Security (DHS) as part of its Analytic Exchange Program (AEP) also highlighted Lazarus's exploitation of DeFi protocols.

The U.S. Treasury Department introduced new sanctions against North Korea's cyber activities, adding 'Sinbad' to the Office of Foreign Assets Control's specially designated sanctions list. Sinbad has been implicated in laundering the cryptocurrencies stolen by the Lazarus Group.

The group is known to have used Sinbad's mixer services to hide the origins of the stolen funds. Such mixers obscure individual transaction trails by blending multiple users' transactions.

Lazarus Group's specialty is fund theft. In 2016, they hacked the Bangladesh Central Bank, stealing $81 million. In 2018, they hacked the Japanese cryptocurrency exchange Coincheck, diverting $530 million, and attacked the Central Bank of Malaysia, stealing $390 million.
#HackerAlert #LazarusGroup #stolencrypto #Stolen #hack
$XRP $SOL $SHIB
🚨 US Cracks Down on North Korean Hackers! 💥

The U.S. government is going after the notorious Lazarus Group, filing complaints to seize $2.67M in stolen crypto assets! 🔒💰 This bold move comes after a series of jaw-dropping hacks that rattled the crypto world.

🕵️‍♂️ Here’s the Breakdown:
💸 $1.7M USDT snagged from the 2022 Deribit hack ($28M lost total)
🔍 Hackers used Tornado Cash and Ethereum addresses to cover their tracks.
🎲 $970K BTC.b looted from Stake.com in 2023, contributing to a massive $41M loss!

But it doesn’t stop there! 👀 The Lazarus Group has reportedly infiltrated 25+ crypto projects, including the recent $235M WazirX hack. 🚨

⚠️ FBI Alert: Be on guard for social engineering scams like fake job offers! Lazarus is using these tactics to deploy malware and siphon off your digital assets. 😡

💬 Is the government’s move enough to stop these cybercriminals? Share your thoughts below and let’s keep the discussion going! 🔥 #Binance #CryptoSecurity #LazarusGroup
#COINCU
North Korean hacker group #BlueNoroff has been targeting cryptocurrency firms with a new malware campaign called "Hidden Risk" since April 2023. The campaign primarily exploits MacOS vulnerabilities, delivering malware through phishing emails with fake PDF links. Once opened, these PDFs download malware that gives hackers remote access to victims' systems, enabling them to steal sensitive data, including private keys for digital wallets.
The #FBI and #CISA have issued warnings about ongoing threats from North Korean hackers, particularly BlueNoroff, which has long targeted the crypto industry. In recent months, the group has increased its efforts, including using fake domains to further deceive and extort victims. This campaign follows a pattern of cyberattacks linked to the #LazarusGroup, which is also associated with high-profile cybercrimes.