A group of North Korean hackers named “Lazarus,” which targeted several crypto exchanges last year, has kept its crypto extortion efforts alive in 2020.
Chainalysis has reported that one of the attacks involved the creation of a fake trading bot that was offered to employees of the DragonEx exchange.
Findings show that in March 2019, the hackers stole approximately $7 million in various cryptocurrencies from the Singapore-based exchange.
In June, cybersecurity vendor Cyfirma warned about a massive crypto phishing campaign that could be launched by the North Korean hacker group.
According to the analysis, the campaign will allegedly target six nations and over 5 million businesses and individuals. For now, there are no confirmed signs that the team plans to proceed with this massive attack.
According to a study conducted by cybersecurity company Group-IB, the hacker group is also known to have stolen a staggering $571 million in cryptocurrencies since early 2017.
On July 28, a study by antivirus maker and malware lab Kaspersky reported that Lazarus had created new ransomware. This new threat, known as VHD, mostly targets the internal networks of companies in the economic sector.
James McQuiggan, the Security Awareness Advocate at KnowBe4, explained:
“A VHD, or Virtual Hard Disk, is a similar concept to that of a USB drive. Instead of physically inserting the USB drive into the port on a computer, the VHD file can be downloaded onto a system to launch the ransomware attack process. For cybercriminals, they don’t need physical access, just electronic access to download the file. This type of attack requires access to the systems. By exploiting external and vulnerable infrastructure or systems, they gain the access needed.”
According to the report, Lazarus usually breaches a company’s network to encrypt its data. The group then asks victims for a crypto-based ransom, with a preference for Monero (XMR).