Cryptocurrency thief Lazarus Group appears to be widening its scope into using ransomware as a way to rip off financial institutions and other targets in the Asia-Pacific (APAC) region, researchers have found.

Financial transactions and similarities to previous malware in its source code link a recently emerged ransomware strain called VHD to the North Korean threat actors, also known as Unit 180 or APT35.

Researchers at cybersecurity firm Trellix have been tracking attacks on financial institutions from what they believe is North Korea’s cyber army, which typically originate from Lazarus Group, for the last few years. The group is perhaps best known for its deftness at ripping off the crypto-currency market through money-laundering schemes to raise money for the North Korean government.

However, Lazarus also appears to have been playing the ransomware game for at least a year, Trellix revealed in a blog post this week. Researchers found that Bitcoin transactions and connections to code from ransomware previously used by the group make it likely that VHD, which emerged in March 2020, is the work of APT38, they said.

Financial Attacks Raise Suspicion

A significant precursor to linking Lazarus to VHD was an attempt by threat actors in February 2016 to transfer nearly US$1 billion through the SWIFT system towards recipients at other banks, according to the post by Trellix researcher Christian Beek.

“The investigation, performed by several U.S. agencies, led to a North Korean actor, dubbed ‘Hidden Cobra,’” he wrote. “Ever since then, the group has been active, compromising numerous victims.”

Hidden Cobra, active since 2014, is believed to be the work of Lazarus Group. In 2017, the FBI warned that the group was targeting U.S. businesses with malware- and botnet-related attacks.

“Over time we have observed several methods North Korea has used to gain money,” Beek wrote. “Although not as frequently observed as other groups, there have also been attempts made to step into the world of ransomware.”

Trellix has followed North Korean-linked actors’ attacks on financial institutions, such as global banks, blockchain providers and users from South Korea, over the last few years. Tactics used included spear-phishing emails as well as the use of fake mobile applications and companies, researchers noted.