North Korean hacker group stole $571 mn in crypto attacks

Amid growing crypto-jacking episodes, a North Korean hacking group called Lazarus has stolen cryptocurrencies worth more than half a billion dollars.

According to The Next Web that cited findings from the annual report of cybersecurity vendor Group-IB late on Friday, Lazarus was behind 14 hacking attacks on cryptocurrent exchanges since January 2017 -- stealing $571 million.

Lazarus is a hacking group which has been linked to a string of attacks against everything from banks to government agencies across the world.

Hackers targeted cryptocurrency exchanges with spear phishing, social engineering and malware.

"Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam [with an attachment] that has a malware embedded in the document," the findings showed.

Group-IB expects the number of targeted attacks on cryptocurrency exchanges to rise, and not just the ones from Lazarus.

Nearly 10 per cent of the total funds raised by Initial Coin Offering (ICO) platforms over the past year and a half have been stolen.

According to the report, large phishing groups are capable of stealing $1 million a month.

Fraudsters are even building fake websites using stolen cryptocurrency project descriptions and plagiarized white papers.

"Fraudulent phishing-schemes involving crypto-brands will only get more complex as well as cybercriminals' level of preparation for phishing attacks," the group warned.

Security researchers have claimed that North Korea-based advanced persistent threat (APT) groups are increasingly attacking financial institutions and Bitcoin exchanges.

There were on average five new threat samples every second that resulted in a massive 629 per cent growth in cryptojacking and other cryptocurrency mining malware in the first quarter of 2018.

The coin miner malware grew a stunning 629 per cent to 2.9 million in the first quarter of 2018, from around 400,000 total known samples in Q4 2017, said a recent report from global cyber security firm McAfee.

The Lazarus cybercrime group launched a highly sophisticated Bitcoin-stealing phishing campaign -- HaoBao -- which targeted global financial organisations and Bitcoin users.

When recipients open malicious email attachments, an implant would scan for Bitcoin activity and establishes an implant for persistent data gathering and crypto mining.

--IANS

na/vm