According to Kaspersky Lab, Lazarus, a criminal hacker group allegedly sponsored by the North Korean government, is persisting in its cyber attacks on cryptocurrencies. Kaspersky Lab specializes in antivirus and cybersecurity software and released the new information in a report earlier this week. The company found that Lazarus was using a new technique to threaten internet users. Hackers with the group use PowerShell scripts to control Windows and macOS malware. The C2 (command-and-control) scripts used by Lazarus allow the group to take control of the computer away from its operator. These scripts are disguised so that software recognizes them as WordPress programs. Once loaded onto the computer, the scripts allow hackers to do multiple things, ranging from collecting information to uploading and downloading files.
Kaspersky Lab recommends that those who are involved in cryptocurrency take extra measures to ensure their safety when conducting trades. The company specifically recommends being wary of new third parties and installing software only from reliable websites. When opening Microsoft Office documents, Kaspersky Lab further cautions users to allow macro scripting only from trusted sources. Macros are usually enabled by toggling the “Enable Content” tab.
Lazarus is one of the most notorious hacking groups in the world. In their campaign targeting cryptocurrencies, the group is reportedly responsible for the theft of $571 million to $882 million in 2017 and 2018. This amounts to 65% of all cryptocurrency stolen from online exchanges. Of last year’s 14 major cryptocurrency breaches, Lazarus was responsible for five. Lazarus made international headlines in January of 2018 when they stole $530 million from Coincheck, a Japanese exchange.
Lazarus was the subject of a recent exposé on Cointelegraph, a cryptocurrency news organization. The report claims that the North Korean government of Kim Jong-un has stolen about $670 million in hacks targeting cryptocurrency and fiat exchanges. The attacks began in 2015 and the perpetrators typically use blockchain technology to hide from authorities.