North Korean Hackers Target Crypto Firms with Durian Malware

As an analyst with extensive experience in cybersecurity and a focus on threat actors, I find the report from Kaspersky on the new North Korean malware “Durian” and its use by Kimsuky and the Lazarus Group deeply concerning. With my background, I understand the potential damage that such sophisticated attacks can cause to crypto firms and their clients.
According to the latest report from Kaspersky, a notorious hacking group based in North Korea has carried out cyberattacks against South Korean cryptocurrency companies. The attacks were executed using a new malware strain named “Durian.”

The newest trends in Advanced Persistent Threats (APT) for the first quarter of 2024 have been published and feature insights into intriguing APT actions detected during this period. Notable findings include the return of Careto APT, hacktivist activities, and many other significant developments. [Read the complete report here](full report link). — Kaspersky (@kaspersky) May 9, 2024

Kimsuky used Durian to attack the networks of two cryptocurrency firms. By abusing security software specific to those firms, the group delivered a series of malware payloads, among them the “AppleSeed” backdoor and the LazyLoad proxy tool. These tools gave the attackers unauthorized command execution, file download, and data exfiltration capabilities.

Kaspersky has also reported that the infamous cybercrime group Lazarus, specifically its subunit Andariel, used LazyLoad in its activities. More recent disclosures indicate that Lazarus illegally laundered approximately $200 million worth of cryptocurrency between 2020 and 2023, bringing its total ill-gotten gains to over $3 billion within a six-year span.

In 2023, Lazarus, a notorious hacking group believed to be based in North Korea, stole over $309 million in cryptocurrencies. This substantial haul was part of the staggering $1.8 billion that was stolen from the crypto industry through hacks during that year, a figure that underscores the serious security risk North Korean hackers pose to the integrity of the crypto market.

The discovery of advanced malware like “Durian” in the hands of North Korean cybercriminals highlights the urgent need for strong cybersecurity defenses within the cryptocurrency sector.

2024-05-13 08:52