Thursday, July 21, 2022

Lazarus Group - North Korean cybercrime

State-sponsored North Korean groups like Andariel, APT38, BlueNoroff, Guardians of Peace, Kimsuky, and Lazarus Group have had their US bounty doubled. The US State Department has upped its reward for information on cyber threat actors in North Korea from $5m to $10m. The Lazarus Group is behind many cyber attacks. The earliest attack was "Operation Troy", which took place from 2009–2012. This was a distributed denial-of-service attack (DDoS) targeting the South Korean government.
They were behind attacks in 2011 and 2013.

Advanced Persistent Threats (APTs) are well-resourced attackers who are persistent and motivated.
Kaspersky linked a North Korean IP address to Lazarus. Over time the group's attacks grew more sophisticated as its tools and techniques improved. A March 2011 attack known as "Ten Days of Rain" targeted South Korean media, financial, and critical infrastructure. The Lazarus Group attacks culminated on November 24, 2014, with the Sony Pictures hack, the biggest corporate breach in history. Cutting North Korean cyber crime off at the source became essential to the security of the US.
Security experts say the hackers have created malware to hack into their targets' phones.
The Lazarus Group was linked to an operation that saw Bangladesh Bank lose $81m to cyber thieves. They and others targeted SWIFT, an interbank payment system. The Lazarus Group has been targeting employees with spearphishing attacks in order to steal Bitcoin. Hackers use the lure of a job opening for a top role at a cryptocurrency firm as part of their scheme. Microsoft Word attachments are embedded with malicious macros which create separate decoy documents when enabled. The macros then install first-stage Remote Access Trojans (RATs) on victims' computers. Hackers use these to download additional malware to steal Bitcoin.
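The macro-laden Word attachment described above is the first link in the chain, and it is the easiest one for a mail gateway to catch. The script below is an added example (not from the original post or any vendor tool) that triages attachments by inspecting the OOXML zip contents for a VBA project rather than trusting the file extension, so a macro document renamed to .docx is still flagged; the sample attachments are constructed in memory and are not real documents.

```python
import io
import zipfile

# OOXML parts that hold VBA code in Word, Excel and PowerPoint files.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Content type declared by macro-enabled Word documents (.docm).
MACRO_CONTENT_TYPE = b"macroEnabled"


def has_vba_macros(data: bytes) -> bool:
    """Return True if an OOXML attachment carries a VBA project.

    The check reads the zip directory, not the filename, so renaming
    offer.docm to offer.docx does not hide the macro. Legacy binary .doc
    files (OLE2) are not zips and need a separate OLE parser; they return
    False here and should be routed to that check instead.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            content_types = zf.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
    except zipfile.BadZipFile:
        return False
    if any(part in names for part in MACRO_PARTS):
        return True
    return MACRO_CONTENT_TYPE in content_types


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped zip for testing (constructed, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


def triage(attachments: dict) -> dict:
    """Map each attachment name to True if it should be quarantined for carrying macros."""
    return {name: has_vba_macros(data) for name, data in attachments.items()}


if __name__ == "__main__":
    # Constructed inbox: a "job offer" with macros renamed to .docx, and a clean CV.
    sample = {"job_offer.docx": build_sample(True), "cv.docx": build_sample(False)}
    for name, flagged in triage(sample).items():
        print(f"{name}: {'QUARANTINE (VBA macros)' if flagged else 'clean'}")
```

On a real gateway the flagged files would be quarantined or have their macros stripped before delivery, and the legacy .doc branch would be handed to an OLE-aware scanner.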