pic credit: Dall-e

Decrypted Dispatches #1

Be aware of the Lazarus Group if you invest in Crypto.

zijo

Sep 25, 2023

WEEKLY CRYPTO BYTES is now Decrypted Dispatches

The Lazarus Group, also tracked as Hidden Cobra, is a cybercriminal and espionage group widely assessed to be backed by the North Korean government. In recent years one of its most notable lines of activity has been targeting cryptocurrency exchanges and financial institutions, an effort generally read as a way to circumvent international sanctions and raise funds for the regime.

One notable cryptocurrency operation attributed to the Lazarus Group is the December 2017 attack on the South Korean exchange Youbit. The theft of a significant share of the exchange's holdings drove it into bankruptcy.

In January 2023 the FBI confirmed that the North Korean cyber actor group Lazarus (also known as APT38) was responsible for the theft of $100 million in virtual currency from Harmony's Horizon bridge, which was reported on June 24, 2022.

According to PcRisk, AppleJeus is the name of a backdoor that the Lazarus Group distributed through a fake cryptocurrency trading application called Celas Trade Pro. The lesson for investors is that the trading software itself can be the attack vector, not just the exchange behind it.

Some of the distinct modes of operation by Lazarus Group in cryptocurrency-related hacking include:

Spear Phishing

“Spear phishing” is a type of phishing campaign that targets a specific person or group and often includes information known to be of interest to the target, such as current events or financial documents.

The attacker sends targeted emails to individuals or organizations containing malicious attachments or links. The objective is usually to trick the recipient into revealing sensitive information, such as exchange or wallet credentials, or to get malware onto the recipient's system.

Crypto phishing scammers often pose as customer support representatives of legitimate cryptocurrency exchanges or wallet providers. They send emails or messages to unsuspecting users, claiming an issue with their account or a pending transaction that requires immediate attention.

For instance, in 2017 researchers at Secureworks identified a Lazarus Group campaign that targeted employees of cryptocurrency exchanges with spear-phishing emails carrying a malicious Word document. Opening the document installed a remote access trojan (RAT) on the victim's computer, giving the attackers control of the machine and a foothold from which to steal cryptocurrency or other sensitive data.
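As an added illustration (not part of the original newsletter), the Python below triages a constructed spear-phishing e-mail of the kind described above: it flags a sender domain that only resembles a trusted exchange, a link whose visible text names the real exchange while its href goes elsewhere, and a macro-enabled Office attachment. The trusted-domain list, the sample message, the registrable-domain shortcut and the indicator names are assumptions made for the example.

```python
"""
Triage of one suspected spear-phishing e-mail for three indicators:
a lookalike sender domain, a link whose shown text and href disagree,
and a macro-capable attachment. Added example; the message below is
constructed and TRUSTED_DOMAINS is an assumed allow-list.
"""
import os
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: domains the recipient really does business with.
TRUSTED_DOMAINS = {"example-exchange.com"}

# Extensions that can carry VBA macros or are common first-stage droppers.
RISKY_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".doc", ".xls",
                    ".js", ".vbs", ".hta", ".lnk", ".iso"}

# Digit-for-letter substitutions used to build lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample. The attachment body is a placeholder, not a real file.
SAMPLE_EMAIL = """\
From: "Example Exchange Support" <support@examp1e-exchange.com>
To: trader@victim.example
Subject: Urgent: pending withdrawal requires verification
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>A withdrawal on your account is on hold. Review the attached statement and
<a href="https://login.example-exchange.com.evil.net/verify">https://example-exchange.com/verify</a>
within 24 hours.</p>
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="statement.docm"
Content-Disposition: attachment; filename="statement.docm"
Content-Transfer-Encoding: base64

UEsDBBQABgAIAAAAIQA=
--b1--
"""


def registrable(domain):
    """Naive registrable domain (last two labels). Good enough for .com-style
    names; a production tool would consult the public suffix list."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def lookalike(domain, trusted=TRUSTED_DOMAINS):
    """True when the domain is not trusted yet embeds a trusted brand label,
    e.g. examp1e-exchange.com or login.example-exchange.com.evil.net."""
    if registrable(domain) in trusted:
        return False
    norm = domain.lower().translate(HOMOGLYPHS)
    return any(t.split(".")[0] in norm for t in trusted)


def triage(raw):
    """Return (indicator, detail) pairs found in raw RFC 822 message text."""
    msg = message_from_string(raw)
    findings = []

    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if sender_domain and lookalike(sender_domain):
        findings.append(("sender-lookalike", sender_domain))

    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if filename:
            if os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
                findings.append(("risky-attachment", filename))
            continue
        if part.get_content_type() != "text/html":
            continue  # plain-text bodies are not scanned in this example
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, text in ANCHOR_RE.findall(html):
            href_host = urlparse(href).hostname or ""
            if href_host and lookalike(href_host):
                findings.append(("link-lookalike", href_host))
            shown = re.sub(r"<[^>]+>", "", text).strip()
            shown_host = urlparse(shown).hostname if "://" in shown else None
            if shown_host and registrable(shown_host) != registrable(href_host):
                findings.append(("link-mismatch", f"{shown_host} -> {href_host}"))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_EMAIL):
        print(f"{indicator}: {detail}")
```

Run against the sample, the script reports all three indicator families; a mail from the real domain with an honest link and no attachment reports nothing. The checks are deliberately cheap header-and-body heuristics of the kind a mail gateway or a SOC triage script applies before any sandboxing of the attachment.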

Watering Hole Attacks

The group compromises legitimate websites related to cryptocurrency or to other topics its intended victims care about, and then serves exploit code or malware to visitors of those sites.

In 2017 the Lazarus Group infected websites that its targets were most likely to visit. The targets spanned 104 organizations in 31 countries; most were financial institutions in Poland, Chile, the United States, Mexico, and Brazil.

Use of ‘Wipers’

In some cases, after a successful cyber heist, the group has deployed malware that wipes or overwrites data on the victim's systems.

Like many advanced persistent threat (APT) groups, Lazarus has a diverse toolkit, and it can plausibly use wipers either as a diversion or to cover its tracks after an operation and make forensic analysis harder.

The mantra that does most to keep crypto holdings out of reach of unauthorized access is a simple one.

“Not your keys, Not your crypto”.

Anyone serious about investing in crypto must be able to manage their private keys securely. A hardware wallet is the safest practical way to do that.

Store significant holdings in a hardware wallet such as a Ledger Nano S, Ledger Nano X, or Trezor. These devices keep private keys offline, out of reach of online attacks. A hardware wallet is safer than leaving funds on any exchange, even one that is insured, legitimate, and follows good security practice, because the exchange holds the keys on your behalf and is exactly the kind of target described above. Two caveats: buy the device directly from the manufacturer, and confirm every destination address on the device's own screen before approving, because a hardware wallet cannot protect you from a transaction you yourself sign for a fake trading app like Celas Trade Pro.

#CryptoWordoftheWeek

An advanced persistent threat (APT) is a well-resourced adversary engaged in sophisticated malicious cyber activity targeted at prolonged network/system intrusion. APT objectives could include espionage, data theft, and network/system disruption or destruction. APTs are usually sponsored by nation-states. APT38 is a North Korean state-sponsored threat group that specializes in financial cyber operations.

#CryptoNewsfromLastWeek

DeFi protocol Balancer’s front end under attack, $238K in crypto stolen

The platform notified its community on Sept. 19 at 11:49 pm UTC, urging users not to interact with the Balancer protocol until further notice.

Credits: This post has flavors of AI used in the making.
