Lazarus group conducting malware attacks to steal Bitcoins

Bitcoin’s price set a new record on Saturday when it reached USD 19,000 apiece, and it looks like North Korea is trying to take full advantage of it. According to security researchers at SecureWorks, the infamous Lazarus group, known for its links with the North Korean government, has been busy targeting cryptocurrency platforms with a spearphishing campaign.

Lazarus was previously in the news for targeting banking giants around the globe. Its latest attacks target officials working at cryptocurrency firms: the hackers send an email carrying a Word file as an attachment, and the email tells the victim that they need to enable editing in order to view the file. Once that is done, the document runs a malicious macro that loads a Trojan, letting the attackers take control of the computer.

Example document asking a user to enable editing.

According to Rafe Pilling of SecureWorks, speaking to ZDNet, the Lazarus group is sending deceptive emails to officials claiming that a Europe-based cryptocurrency firm is hiring for the position of Chief Financial Officer (CFO). While the victim is busy reading the document, the Trojan steals their credentials and downloads additional malware.
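The attachment described above only works if the document carries a VBA project and the victim enables it, so a mail gateway can hold such files before they reach anyone. The following is an added example, not code from the article or from SecureWorks: it builds a constructed, minimal macro-enabled document in memory, checks whether the OOXML archive contains a VBA project, and looks for autorun entry points and shell or download calls in it. The sample vbaProject.bin is plain text for readability; a real one is an OLE file with MS-OVBA compressed module source, so in production the string checks would run over output from a VBA extractor such as olevba rather than the raw blob.

```python
import io
import re
import zipfile

# Constructed sample input: a minimal OOXML archive shaped like a macro-enabled
# Word document (.docm). Built in memory so the example runs offline; it is not
# a sample from the campaign described in the article.
def build_sample_docm(with_macro: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml",
                   "<w:document>Please enable editing to view this document</w:document>")
        if with_macro:
            # A real word/vbaProject.bin is an OLE compound file whose module
            # source is MS-OVBA compressed; plain text with the same identifiers
            # is used here (an assumption of this example) so the string checks
            # below are easy to follow.
            z.writestr("word/vbaProject.bin",
                       b'Attribute VB_Name = "ThisDocument"\n'
                       b"Sub AutoOpen()\n"
                       b'    Shell("powershell placeholder_command")\n'
                       b"End Sub\n")
    return buf.getvalue()

# Macro entry points that run without further user interaction once macros are
# enabled, and API names commonly seen in downloader macros.
AUTORUN_TRIGGERS = re.compile(
    rb"\b(AutoOpen|Document_Open|AutoExec|AutoClose|Workbook_Open)\b", re.IGNORECASE)
SUSPICIOUS_CALLS = re.compile(
    rb"\b(Shell|WScript\.Shell|CreateObject|URLDownloadToFile|XMLHTTP|powershell|cmd\.exe)\b",
    re.IGNORECASE)

def inspect_office_attachment(data: bytes) -> dict:
    """Return what the archive reveals: VBA present, autorun triggers, risky calls."""
    report = {"has_vba": False, "autorun": [], "suspicious": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["error"] = "not an OOXML archive"
        return report
    for name in archive.namelist():
        # Word stores the VBA project at word/vbaProject.bin; Excel and PowerPoint
        # use xl/ and ppt/ prefixes, so match on the file name only.
        if name.lower().endswith("vbaproject.bin"):
            report["has_vba"] = True
            blob = archive.read(name)
            report["autorun"] = sorted({m.decode() for m in AUTORUN_TRIGGERS.findall(blob)})
            report["suspicious"] = sorted({m.decode() for m in SUSPICIOUS_CALLS.findall(blob)})
    return report

def verdict(report: dict) -> str:
    """Gateway decision: hold anything with macros; quarantine when they also autorun or shell out."""
    if "error" in report:
        return "review"
    if report["has_vba"] and (report["autorun"] or report["suspicious"]):
        return "quarantine"
    if report["has_vba"]:
        return "review"
    return "allow"

if __name__ == "__main__":
    for flag in (True, False):
        rep = inspect_office_attachment(build_sample_docm(flag))
        print("macro" if flag else "clean", rep, verdict(rep))
```

The useful property for defenders is that the first check alone, the presence of a VBA project in an inbound document from an external sender, is enough to hold the message for review under most policies; the autorun and call matching only sharpens the verdict and gives the analyst something concrete to look at.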

SecureWorks researchers believe the campaign has been targeting unsuspecting users since 2016, but that there has been an increase in these attacks in November this year. The company believes that the campaign is still actively targeting officials.

This is not the first time North Korean state-sponsored hackers have been blamed for a sophisticated campaign against the cryptocurrency industry. In September this year, South Korea blamed its neighbor after dozens of email accounts belonging to employees of four major bitcoin exchanges in South Korea were hit by phishing attacks.

In July 2017, hackers stole billions of South Korean won by hacking Bithumb, the 4th largest Bitcoin exchange. In that attack, the hackers used a voice phishing technique to target Bithumb officials; however, the culprit behind the attack could not be identified.

Successful data breaches against cryptocurrency platforms

Bithumb breach: In July, Bithumb, one of the largest Bitcoin and Ether exchange platforms, suffered a breach resulting in the theft of billions of South Korean won.

CoinDash breach: Also in July, CoinDash (ICO), an Israeli cryptocurrency social trading start-up, announced that its crowdfunding page had been compromised during its Token Sale event. As a result, hackers stole Ethereum worth $7 million.

Veritaseum breach: Again in July 2017, Veritaseum, another cryptocurrency platform, announced that its Initial Coin Offering (ICO) had suffered a data breach in which around US$8.4 million worth of Ethereum was stolen.

Parity Technologies breach: On July 20, 2017, an unknown hacker stole $32 million in Ethereum from 3 multisig wallets by exploiting a critical security flaw in Parity's multi-signature wallet software.

Enigma Marketplace breach: In August this year, Enigma, a decentralized marketplace and cryptocurrency investment platform, suffered a data breach in which hackers stole $500,000 in Ethereum. The hack took place when the firm was about to start its crypto token sale.

Tether hack: On November 19th, Tether, a start-up firm known for offering a dollar-backed cryptocurrency, suffered a data breach in which a whopping $30 million worth of tokens was stolen.

NiceHash hack: On December 7, 2017, the cryptocurrency mining marketplace NiceHash was hacked, and cybercriminals stole more than $70 million from the company’s wallet.


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.