Lazarus: crypto theft via Telegram, from Korea

The action of the North Korean group Lazarus has evolved, but the purpose does not change: to hit the systems of the victims and steal cryptocurrencies.

We have already written on these pages about the activity of the North Korean Lazarus group in recent months, in connection with the allegations made by the United States regarding ransomware and attacks aimed at raising funds by stealing cryptocurrencies from companies and organizations. Today we return to the subject because, according to Kaspersky, the group's approach has evolved.

Ransomware: Lazarus and Operation AppleJeus Sequel

The Russian security company has christened the new strategy Operation AppleJeus Sequel, a sort of 2.0 version of the campaign already active between 2018 and 2019, which, according to United Nations estimates, raised over two billion dollars in less than a year (figures as of last August). Now the cybercriminals appear to have chosen to act even more subtly than in the past, more cautiously and following a modus operandi designed to go unnoticed during the attack and then to leave as few traces as possible. How? For example, by running the malicious code directly in the memory of the affected computers rather than by executing a file previously written to the hard disk.

One of the tools now used to carry out the attacks and get at virtual currencies is Telegram, the well-known messaging application popular especially among users who are more attentive to privacy. In short, Lazarus sets up fake trading companies, draws the attention of potential victims to their websites and then steers them into chat groups through which malware or ransomware is distributed. In this way it has reportedly already hit companies and institutions in the United Kingdom, Poland, Russia and China.

Finally, we recall that, according to the thesis put forward by the US government, one of the objectives of Lazarus (a team believed to be under the control of the Reconnaissance General Bureau, the North Korean intelligence agency) is to illegally collect funds to be allocated to the missile program fielded by Pyongyang.

Source: Kaspersky