North Korean Hackers Storm Play Havoc With Crypto Firms

North Korean Hackers Target South Korean Crypto Firms with New Malware

What’s the news

A North Korean Hacker group known as Kimsuky, has been using a new type of malicious software called "Durian" to attack cryptocurrency companies in South Korea. This Durian malware’s function resembles an installer and installs other powerful tools on the victimized machines. These tools include the backdoor called "Appleseed" and the proxy tool called LazyLoad.

Appleseed gives hackers the privilege to remotely control the infected computers and also steal private information, while LazyLoad allows them to use tools that can help them hide their tracks. It is worthwhile to mention that LazyLoad which is used by another North Korean hacking group called Andariel has been used by a larger group called Lazarus. Since 2009, Lazarus has been notorious for its role in cryptocurrency thefts. 

On 29 April 2024, an independent blockchain Sleuth ZachXBT, who is not affiliated with any governmental organization revealed that Lazarus laundered over $200 million in stolen cryptocurrency between 2020 and 2023. Lazarus has been reported to have stolen approximately $3 billion worth of cryptocurrency in six years, with the largest amount being taken in 2023. They were the ones who were responsible for the stealing of 17% of all the stolen cryptocurrency funds in that year, which was over $309 million in 2023. On December 28, hackers exploited around $1.8 million worth of crypto which was lost as per the previous year's report.

Malicious Software that Exploited Cryptocurrency Firms

Durian Malware

This is a new type of software developed by the North Korean hacking group known as Kimsuky which is used to attack the South Korean targets. The sanctions are imposed on cryptocurrency companies located in South Korea. Durian is like a program that installs other harmful programs on the targeted computers. These tools include the backdoor "Appleseed", a custom proxy tool known as "LazyLoad" and other authorized tools such as "Chrome Remote Desktop".

Appleseed

This is a backdoor installed by Durian malware. A backdoor is a hidden way into a computer system that allows hackers to get into this system without authorization. Through the Appleseed exploit, the hackers may be able to remotely control the infected computer, execute commands, download additional files, and steal confidential data. The hackers take over the machine and steal everything stored on it through Appleseed.

LazyLoad

LazyLoad is a tool that Durian malware installs as well. This is a custom proxy tool that hides the hacker's activities. Another hacking group known as Andariel was also using it as well as a part of the Lazarus Group which is much larger and more established. LazyLoad is a way for them to keep their activities away from the public eye.

The impact of these malicious software

The fact that North Korean hackers have been using malware such as Durian, AppleSeed, and LazyLoad against South Korean cryptocurrency companies should be a cause for concern. These tools enable hackers to get into a system without authorization, steal confidential information, and cause monetary losses.

Prevention from malicious software

• Keep all software and safety systems up-to-date.

• Employ strong passwords and multi-factor authentication.

• Do not click on those emails and links that are not trustworthy and unauthentic

• Frequently store critical information.

• Implement cybersecurity best practices through firewalls, intrusion detection systems, and antivirus software.

Conclusion

The essentialities that Coin Gabbar has pointed out from the news is that the Durian malware and the connection of this malware to North Korean hacking groups like Kimsuky and Lazarus is proof of the ongoing cyber threat to these firms. It highlights the necessity of strong cybersecurity measures and intensive scrutiny to counter such attacks. These organizations need to have robust cybersecurity mechanisms and keep a close watch against them. Partnerships among cybersecurity firms, governments, and cryptocurrency companies are necessary to realize an efficient way of tackling these concerns.

Also Read: Musk’s Deepfake Video Leads To Crypto Fraud In Hong Kong