Lazarus crypto-hackers back? A study by Microsoft suggests so

Lazarus is back. Despite the general decline in the market, the cryptocurrency ecosystem is still valued at hundreds of billions of dollars. With that much money at stake, it is a playground for hackers and fraudsters from around the world. Among them, the North Korean hacker group Lazarus continues to operate.

Microsoft reveals a new type of attack

Since their creation, cryptocurrencies have been linked to criminal activity on numerous occasions. Originally, they were mainly used by attackers to collect ransom payments from victims of ransomware.

But as the ecosystem grew, crypto projects and companies themselves became the targets of these criminals. Whether through fraud, the exploitation of vulnerabilities or phishing attacks, cryptocurrency holders and businesses are frequently in the sights of malicious actors.

In a publication dated December 6, Microsoft reveals a new type of attack, attributed to a unit that Microsoft tracks as DEV-0139.

The attack begins on the Telegram messaging application. DEV-0139 joins Telegram discussion channels, especially those created to facilitate communication between VIP customers and exchange platforms. These conversations are an ideal place to identify potential victims.

The attacker then poses as a representative of an investment company specializing in cryptocurrencies.

“In October 2022, he invited a target to another chat group and pretended to ask his opinion on the pricing structure used by cryptocurrency exchanges.”


Malware disguised as an Excel file

Once the victim’s trust was gained, DEV-0139 sent an Excel document titled “OKX Binance & Huobi VIP Fee Comparison.xls”. Although the file looks completely legitimate when opened, the reality is quite different.

Opening the document (and enabling the macro it carries) triggers a chain of malicious actions. Without going into the details, this apparently simple Excel file lets the attacker download further payloads onto the infected machine. Once the process is complete, the attacker is able to take remote control of the infected machine.
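The lure described above is a classic weaponized spreadsheet: a file that claims to be a plain fee comparison but carries code. A first-line triage check that a VIP-support desk or mail gateway could run on such attachments is shown below. This is an added example written for this page, not code from the article or from Microsoft's report. It assumes you already have the attachment bytes in hand, it identifies the container (legacy OLE2 `.xls` versus OOXML zip), looks for an embedded VBA project, and flags a mismatch between the declared extension and the actual container. The OLE check is a raw-byte heuristic (UTF-16LE directory-entry names, the same trick many YARA rules use), not a full OLE parser, so it can produce false positives. All sample files are constructed inline; only the first filename is taken from the report.

```python
import io
import zipfile

# Magic numbers for the two Excel container formats.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls (OLE2 / CFB)
ZIP_MAGIC = b"PK\x03\x04"                          # .xlsx / .xlsm (OOXML zip)

# A VBA project inside a legacy .xls lives in OLE storages/streams whose names are
# stored as UTF-16LE in the directory. Scanning the raw bytes for those names is a
# cheap triage heuristic (no OLE parser needed); false positives are possible.
OLE_VBA_MARKERS = [s.encode("utf-16-le") for s in ("_VBA_PROJECT", "Macros")]

OLE_EXTENSIONS = {"xls", "xlt", "xla"}
OOXML_EXTENSIONS = {"xlsx", "xlsm", "xltx", "xltm", "xlam"}
OOXML_MACRO_EXTENSIONS = {"xlsm", "xltm", "xlam"}


def classify(filename: str, data: bytes) -> dict:
    """Triage one attachment: container type, VBA present, extension plausibility, verdict."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    rec = {"container": "unknown", "has_macro": False, "ext_matches": False}

    if data.startswith(OLE_MAGIC):
        rec["container"] = "ole"
        rec["has_macro"] = any(marker in data for marker in OLE_VBA_MARKERS)
        rec["ext_matches"] = ext in OLE_EXTENSIONS
    elif data.startswith(ZIP_MAGIC):
        rec["container"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            names = []
        rec["has_macro"] = any(n.endswith("vbaproject.bin") for n in names)
        # A macro-bearing OOXML file should use a macro-enabled extension;
        # vbaProject.bin inside something named .xlsx is itself a red flag.
        rec["ext_matches"] = ext in OOXML_EXTENSIONS and (
            not rec["has_macro"] or ext in OOXML_MACRO_EXTENSIONS)

    # Policy (an assumption of this example): a spreadsheet that carries code, or
    # that lies about what it is, is held for analyst review instead of delivered.
    rec["verdict"] = "block" if (rec["has_macro"] or not rec["ext_matches"]) else "allow"
    return rec


def _ole_sample(with_vba: bool) -> bytes:
    """Constructed stand-in for a legacy .xls: real magic, fake directory names."""
    body = bytearray(OLE_MAGIC + b"\x00" * 504)            # 512-byte header
    body += "Workbook".encode("utf-16-le") + b"\x00" * 48
    if with_vba:
        body += "_VBA_PROJECT".encode("utf-16-le") + b"\x00" * 40
    return bytes(body)


def _ooxml_sample(with_vba: bool) -> bytes:
    """Constructed stand-in for an OOXML workbook: a real zip with the key parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0 vba project stub")
    return buf.getvalue()


# Constructed samples; the first reuses the lure filename from Microsoft's report.
SAMPLES = {
    "OKX Binance & Huobi VIP Fee Comparison.xls": _ole_sample(with_vba=True),
    "fee_table.xls": _ole_sample(with_vba=False),
    "fee_table.xlsm": _ooxml_sample(with_vba=True),
    "fee_table.xlsx": _ooxml_sample(with_vba=True),   # macros hiding under a plain name
    "fee_table.xls.exe": b"MZ\x90\x00 not a spreadsheet at all",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:48} {classify(name, blob)}")
```

Only the lure-style sample and the mislabelled files end up blocked; the macro-free `.xls` is allowed. In production you would follow the byte heuristic with a real parser (olevba from oletools, for instance) before an analyst ever opens the file, but even this first pass would have stopped the attachment described in the report from reaching the VIP's inbox.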

Diagram explaining how the attack proceeds.

The criminals behind this attack mainly target cryptocurrency investment funds.

The Lazarus group behind the attack?

The method used by DEV-0139 closely resembles that of the North Korean hacking group Lazarus.

Volexity recently released a report on a variant of the AppleJeus malware that is delivered through Microsoft Office documents.

According to that study, the Lazarus group is behind this malware. The similarities between the two modi operandi therefore suggest that Lazarus is also behind the DEV-0139 attack.

These revelations may also point to the origin of the hack suffered by Bo Shen. Indeed, this employee of the investment fund Fenbushi Capital had lost 42 million dollars in a hack.

Hacks are an unfortunate hazard, but they are not inevitable. Any investment involves risk; as a well-informed investor, do your own research before taking the plunge.
