North Korean leader, Kim Jong-un, is reportedly backing a group of hackers. Their goal? Stealing cryptocurrencies like Bitcoin (BTC) using phishing scams. Sources indicate that the country has ramped up these efforts in an attempt to prevent a financial meltdown amid the COVID-19 crisis.
A report published on May 13 by the U.K. Mirror claims that the Lazarus group, a hacking syndicate with alleged ties to the North Korean state, could be launching a cybercrime campaign of advanced persistent threat, or APT, attacks.
Experts from Seoul-based firm ESTsecurity state that Lazarus is “increasingly engaging” in cybercrime activities in and out of South Korea. They have also received reports that some attacks are being made internationally, in countries like the United States.
Lazarus group represents a “serious threat”
The attacks are mainly aimed at people trading crypto, as the group sends malicious files that impersonate blockchain software development contracts.
Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, explained that the group of hackers is also known as “HIDDEN COBRA”. He commented:
“The Lazarus Group, or HIDDEN COBRA, undoubtedly represent a serious threat and have been blamed for a number of significant security incidents including the WannaCry attack, the Sony breach, and the 2017 attacks on users of various cryptocurrencies. Some reports have claimed the group is North Korean and may be a state-sponsored actor, but this may or may not be correct.”
Alleged ties with North Korea are difficult to verify
Callow warns that tying the Lazarus Group to the North Korean government is “extremely difficult”. He points out that even if the claims are well-evidenced, they may “nonetheless be wrong.”
The hacking group, famous for allegedly hacking Sony Pictures over the release of the film “The Interview,” has been accused of stealing more than $570 million worth of crypto from exchanges.
In a press release on April 27, ESTsecurity warned:
“They are also engaging in cyber-espionage operations as well as activities designed to generate foreign currency.”
Latest developments around the hacking group
Cointelegraph has repeatedly reported on attacks allegedly carried out by the Lazarus group.
For example, on February 5, it was revealed that the hacking group created an elaborate trading bot to phish DragonEx exchange employees into installing a malware-infested application.
On March 5, it was announced that the U.S. Department of the Treasury’s Office of Foreign Assets Control, or OFAC, sanctioned two Chinese nationals accused of laundering cryptocurrency stolen in a 2018 crypto exchange hack, allegedly connected to Lazarus group.