North Korea-backed Lazarus hacker group continues to target crypto

27 Mar, 2019
by Joeri Cant

According to the latest update from cybersecurity and anti-virus company Kaspersky Lab, the cybercrime group Lazarus is continuing to adopt new tactics in their ongoing attempt to hack cryptocurrencies.

A new report from cybersecurity and anti-virus company Kaspersky Lab revealed that the alleged North Korea-backed cybercrime group Lazarus is still targeting cryptocurrencies.

'It’s hardly news to anyone who follows cyberthreat intelligence that the Lazarus APT group targets financial entities, especially cryptocurrency exchanges. Financial gain remains one of the main goals for Lazarus, with its tactics, techniques, and procedures constantly evolving to avoid detection', the report reads.

Kaspersky Lab points out that the hacker group Lazarus has been targeting cryptocurrencies with a new operation since last November, in which the hackers use PowerShell to manage and control Windows and macOS malware.

'They have developed custom PowerShell scripts that communicate with malicious C2 servers and execute commands from the operator. The C2 server script names are disguised as WordPress (popular blog engine) files as well as those of other popular open source projects.'

Kaspersky urges crypto traders and investors to exercise extreme caution.

'If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems. Never ‘Enable Content’ (macro scripting) in Microsoft Office documents received from new or untrusted sources…'

In December of last year, Chepicap reported that although cryptocurrency exchanges continuously improve their security measures, over 30 individuals have been preyed upon by the North Korean hacker group since April 2018.

A huge proportion of the cryptocurrency-based security breaches of the last year or so have been carried out by the Lazarus hacker group, which may be gathering funds to help the state cope with international sanctions. This one hacker group alone may be responsible for almost half of all exchange hacks since the start of 2017.

In October Chepicap reported that the same group was responsible for stealing a total of $571 million worth of crypto.

The largest single successful attack attributed to the state-sponsored North Korean hackers was on Japan's Coincheck exchange. At the height of the cryptocurrency bull market and around the time of the Bitcoin ATH price, Lazarus stole NEM from the exchange worth $534 million. Lazarus was also apparently responsible for this year's hack of South Korea's Bithumb exchange, stealing $32 million in a number of different cryptos.
