report
The North Korean hacker group Lazarus is still focused on the cryptocurrency business and is applying new tactics, antivirus company Kaspersky Lab said in a new report .
The company has discovered that a group of cyber attackers, which is associated with the authorities of North Korea, has begun to conduct a new type of operation since last November. Hackers use Microsoft's open source PowerShell, an extensible automation tool from Microsoft, to manage Windows systems and macOS malware for Apple.
Lazarus has developed its own PowerShell scripts that interact with malicious C2 servers and execute operator commands. The script names of the C2 server are masked as WordPress files, as well as other popular open source CMS files. After creating a malware management session on the server, it can download and upload files, update the malware configuration, and collect basic host information.
Kaspersky Lab stressed that the Lazarus APT group is aimed at financial institutions, especially cryptocurrency exchanges . The company recommended that industry representatives observe the following precautions:
“If you are part of a thriving cryptocurrency industry or technology start-ups, be especially careful when working with new third parties or when installing software on your systems. It is best to check for new software using antivirus software, or at least use popular free virus scanning services. And never activate macros in Microsoft Office documents from new or unreliable sources. ”
Recall that according to Group-IB, in 2017-2018, Lazarus hackers broke into 5 cryptobirds, including the Japanese Coincheck, which lost $ 534 million. According to UN experts, Pyongyang received $ 571 million in cryptocurrency using cyber attacks.
Publication date 27.03.2019
Share this material on social networks and leave your opinion in the comments below.
