Connect with us

Security

Lazarus hackers maybe planning something very big

For the time being, it is essential to take ample precautions so that they do not succeed in their attempt.

hacker on computer security Chinese government
Image: Tech Everywhere

Lazarus hackers are an infamous cybercriminals group purportedly connected with the North Korean government.  During the first half of 2020, they have kept up with their cryptocurrency extortions. There are emerging reports from July that the group has developed new ransomware in North Korea that is intended to target huge organizations around the globe. 

In 2019, the programmers focused on numerous crypto exchanges, and their criminal operations were also reported by many sites—one of their significant assaults comprised of the creation of an anonymous trading bot. The bot was provided to the employees of DragonEX trade, as reported by bitcoins evolution app.

As per the information acquired in March 2019, Lazarus programmers stole nearly $7 million in different crypto groups from the cryptocurrency exchange of Singapore. Some very interesting facts are also provided here for more detail of this group. 

  • More attacks can take place – A month ago, a vendor called ‘Cyfirma cybersecurity’ cautioned that there is a high probability for the North Korean cybercriminals to start a very high-value digital currency phishing attempt. The attack may be directed on six nations, which can influence more than 5,000,000 people and organizations. However, for the time being, no affirmed signs are showing that the Lazarus programmers intend to start the major assault. At the same time, it also cannot be said with surety that such an attack will not happen. The only thing to do at the moment is to take guard and be ready for any eventuality. 
  • Some people have been identified – This group of hackers is also known to have siphoned off $571 million in cryptos since the beginning of 2017. It is as per the data provided by Group-IB. Information from Group-IB related to cyber-crime organization shows that a majority of the exchanges that were targeted by the hacker’s group are situated in South Korea. They include YouBit, Coinrail, and Bithumb. In March 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) decided to list two people from China. These Chinese nationals were charged with cryptocurrency laundering charges for those cryptocurrencies that came from a crypto trade phishing attack in 2018. 
  • Lazarus has produced new ransomware – An examination performed by Kaspersky and whose discoveries were distributed on July 28, 2020, demonstrate that Lazarus has come up with new ransomware. The name of this new malware is Virtual Hard Disk (VHD). It is intended to focus on the interior systems of organizations that work in the financial space. 

At whatever point the encryption procedure gets interrupted, VHD puts in a mechanism that can start its malice operations. In situations where more than 16MB of records are included, then the ransomware holds all the latest cryptographic information on its hard drive, in the form of cleartext. That data and information are not erased safely later on. It implies that there may be a chance of getting back a portion of these documents. 

  • There are already some insights on VHD – Security awareness companies have studied their modus operandi and have come to know the process in which VHD operates within a system. The information procured by Kaspersky mainly states that the VHD ransomware is not a complete business off-the-rack item. Since the Lazarus bunch is the main proprietor of the MATA structure, at that point, The VHD ransomware is held, operated, and overseen by the Lazarus hackers because the group is also the sole owner that has exclusivity over the MATA framework. 
  • The Lazarus group works in solo mode – Specialists at Kaspersky have tried to figure out the potential purposes for Lazarus’ choice to work solo operations. Lazarus hackers primarily attack organization systems and focus on encrypting their information. Once they start their assaults effectively, they try to receive crypto-based payments from the victim, and in the majority of cases, they ask for payments to be made in Monero (XMR).

It is not as if the law enforcement agencies do not have an inkling of their operations. There are ample evidence and proof of their involvement in many malicious deals, and it can be said with certainty that very soon, this hacker’s group will be properly identified, and all their activities stopped. For the time being, it is essential to take ample precautions so that they do not succeed in their attempt.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in Security