North Korea’s hacking group, dubbed Lazarus, is still targeting cryptocurrencies and continues to adopt new tactics, according to a new report from cybersecurity and anti-virus company, Kaspersky Lab.
The report says that the allegedly state-sponsored hacker group Lazarus has been working on a new operation since last November, in which the hackers use PowerShell to take control of Windows systems, alongside malware for macOS.
The Lazarus group reportedly created “custom PowerShell that communicates with malicious C2 servers and runs commands from the operator,” Kaspersky said. “The C2 server script names are disguised as WordPress files as well as those of other popular open source projects.”
Kaspersky points out that hackers are still actively targeting systems in cryptocurrency and fintech companies, and urges crypto-traders and investors to exercise caution when dealing with third parties or installing software on their systems.
“If you’re part of the booming cryptocurrency or technological start-up industry, exercise extra caution when dealing with new third parties or installing software on your systems… And never ‘Enable Content’ (macro scripting) in Microsoft Office documents received from new or untrusted sources.”
As previously reported, the same group was responsible for $571m (£435m) of the $882m (£672m) in cryptocurrency that was stolen from online exchanges from 2017-2018, which accounts for almost 65% of the overall sum. Out of the 14 different exchange attacks, five were carried out by Lazarus, among which the NEM hack of Japan’s Coincheck was a record-breaker at $532m (£405m).
Earlier this month, Nikkei Asian Review reported that North Korea amassed $670m (£510m) in fiat and cryptocurrencies by conducting hacking attacks, where hackers targeted overseas financial institutions from 2015 to 2018 and purportedly used blockchain “to cover their attacks”.