
North Korean hackers Kimsuky deployed malware to attack crypto companies

This campaign underscores the growing threat that state-backed actors pose to cryptocurrency businesses and the need for stronger security measures across the industry.

Date: 2024-05-13 Author: Marek Stiller

According to reports, the North Korean hacking group Kimsuky, also tracked as APT43, attacked two South Korean cryptocurrency companies using a previously undocumented Golang-based malware family called Durian.

According to findings by the cybersecurity firm Kaspersky, Durian has "comprehensive backdoor functionality": it can execute commands supplied by the operators and download additional files onto the compromised host.

The attacks reportedly took place between August and November 2023, and initial access was gained by exploiting a piece of software specific to South Korea.


Kaspersky's report states: "Based on our telemetry, we have identified two victims in South Korea's cryptocurrency sector. The first compromise was made in August 2023 and the second in November 2023."

Once Durian was installed and running on a victim's systems, it was used to deploy additional tools, including Kimsuky's AppleSeed backdoor and a custom proxy tool called LazyLoad.

Interestingly, LazyLoad has previously been linked to Andariel, a subgroup of the Lazarus group. According to The Hacker News, this raises the possibility that the two North Korean threat groups share tooling or cooperate tactically.

Kimsuky is reported to have been active since at least 2012 and is believed to report to the North Korean Reconnaissance General Bureau (RGB), the country's military intelligence agency.

Kimsuky's email phishing operations

The Kimsuky group is well known for email phishing campaigns aimed at stealing cryptocurrency. According to police reports, a total of 1,468 people fell victim to such attacks between March and October 2023.

Among the victims were retired government officials who had worked in diplomacy, the military and national security. According to reports, the perpetrators sent phishing emails that appeared credible to their targets.

The state-backed group had previously targeted Russian aerospace and air-defence companies, "taking advantage of the coronavirus pandemic."

According to a report in Kommersant, RT-Inform, the IT security division of Russia's state technology corporation Rostec, recorded an increase in cyber attacks on IT networks during the pandemic, between April and September 2020.

Marek Stiller
Founder of the "Cryptocurrency for Beginners" channel on YouTube. Together with Łukasz he runs the Arena Trading group, and he is passionate about blockchain technology. His knowledge and experience in the cryptocurrency industry help beginner investors better understand this dynamic market.