Monday, June 7, 2021

North Korean hackers may have stolen up to half a billion dollars in cryptocurrencies so far

As we learn from a publication by The Next Web, the infamous Lazarus group, often associated with North Korea, may have been behind up to 5 of the 14 largest hacking attacks on cryptocurrency exchanges conducted since the beginning of 2017.

The authors of the article, published on thenextweb, cite a forthcoming annual report on current trends in cutting-edge cybercrime techniques by the respected cybersecurity firm Group-IB.

The report in question cites 14 attacks on cryptocurrency exchanges since January 2017. As a result, the equivalent of up to $882 million may have fallen prey to hackers. The authors of the document attribute five of the attacks to the Lazarus group, claiming that it could have stolen the equivalent of about $571 million in cryptocurrencies this way.

Among the listed attacks that the Lazarus group may have been behind, Group-IB specialists also mention the one from January this year, targeting the Japanese platform Coincheck. In one of the largest thefts of its kind in history, hackers may have managed to move as much as $534 million in NEM cryptocurrency out of the exchange's addresses.

The other four exchanges that fell victim to the Lazarus hackers are, interestingly, all from South Korea:

- Yapizon ($5.3 million stolen; April 2017 attack)
- Coinis (September 2017 attack)
- YouBit (17% of total exchange assets stolen; December 2017)
- Bithumb ($32 million, June 2018)

As the Group-IB report notes, hackers targeting cryptocurrency exchanges tend to use traditional tools such as spear phishing, social engineering and malware.

"Spear phishing remains a major vector for attacks on corporate networks. For example, fraudsters deliver malware under the guise of a spam CV [with an attachment] that contains malware embedded in the document. After gaining access to the local network, hackers scour it for [work] stations and servers used to work with private wallet keys," the report reads.

Group-IB predicts an increase in attacks on cryptocurrency exchanges in the near future, and not just attacks blamed on the Lazarus group. Experts warn that the most aggressive hacker groups, so far known for their attacks on banks, will now turn their attention to cryptocurrency platforms, encouraged by the possibility of lucrative profits.

The report also reveals that tokens distributed during ICOs (Initial Coin Offerings) are falling prey to hackers as well. In the last 18 months, as much as 10 percent of all funds coming from this type of distribution was stolen. Most thefts of this type rely on tools such as phishing, and the largest hacker groups are able to use them to steal the equivalent of up to $1 million per month.

Cyber crooks are also becoming more inventive, and their target doesn't have to be cryptocurrency funds directly. Group-IB's analysis also reveals cases of records being stolen from databases and then sold on Darknet platforms or used to blackmail cryptocurrency holders.

Criminals also sometimes go so far as to create fake ICO distributions, using stolen project specification documents (whitepapers) posted on crafted web domains that often impersonate genuine ones.

The earliest attacks associated with the Lazarus group date back as far as 2007. In the last decade, its actions are said to have included espionage, DDoS attacks, attacks on international financial institutions and banks (including those in Poland), and attacks on media stations and factories, mainly in countries such as South Korea, India, China, Brazil, Russia and Turkey.

The nature of advanced cyber-attacks does not allow one to determine with 100% certainty where, how and by whom they were carried out. However, many analyses conducted in that direction, including the one carried out by Kaspersky Lab, associate the Lazarus group mainly with the territory of North Korea.

The group may also have had a hand in the famous November 2014 hacking attack on Sony Pictures servers. Lazarus is sometimes also linked to the famous WannaCry attack, to which more than 300,000 computers in nearly 100 countries may have fallen victim. A 2017 report by Symantec experts called this type of scenario "highly likely."
