Multinational cybersecurity provider Kaspersky has announced that the notorious North Korean crypto-criminal group Lazarus is planning to release new ransomware.
Kaspersky is researching a new method of attack.
The new threat, called VHD, is designed to attack the internal networks of companies in the economic sector. As to why the ransomware group has often resorted to working alone, Kaspersky researchers offered a hypothesis:
We can only guess at the reason why they are now conducting single operations: perhaps they find it difficult to interact with the world of cybercrime, or perhaps they feel that they can no longer afford to share their profits with third parties.
Phishing for crypto-sensitive data.
It was reported that the infamous North Korean ransomware group Lazarus has several tricks up its sleeve. In fact, according to Cyfirma CyberSecurity, Lazarus is preparing a huge phishing campaign targeting at least 6 countries and more than 5 million businesses and individual investors.
A report on the insidious scheme was released in June. There is currently no indication that the phishing campaign is under way; it appears that the extortion group has not yet launched it.
In the past, the North Korean ransomware group operating as Lazarus has made a big impression on cybersecurity companies, accumulating more than $571 million in stolen cryptocurrencies since 2017. Lazarus is notorious for hacking cryptocurrency exchanges and keeping them under its control until a ransom is paid.
Last year, according to Chainalysis, Lazarus carried out a digital heist that amounted to $7 million in various cryptocurrencies.
The extortionists targeted the DragonEx cryptocurrency exchange, located in Singapore. To implement the scheme, Lazarus created a fake trading bot site that was offered to employees of the DragonEx exchange.
The North Korean criminal organization used a sophisticated phishing attack in which a real website and related social media accounts were linked to a fake company called Proof of WFC. The fake company was said to have created Worldbit-bot, a trading robot that was then offered to DragonEx employees.
Finally, malicious software was installed on a computer holding the private key of the DragonEx hot wallet, allowing the North Korean group to steal cryptocurrencies from the Singapore exchange.
Korea: military training or cybercriminals?
Preventing financial theft has been a constant problem for the longest time.
After a series of money-related attacks led to a UN investigation last year, speculation continues to circulate among law enforcement agencies that the Democratic People’s Republic of Korea (DPRK) may be actively involved in coordinating cyber attacks, as it is reportedly training cybercriminals to identify and launder funds stolen from financial institutions.