The crypto space has fallen victim to many hacks and similar attacks over the years, which in turn feeds the hostility of those who are already apprehensive about the decentralized nature of cryptocurrencies. Digital crime is also carried out by organized groups with elaborate structures and well-developed cyber attack tactics.
Kaspersky, a cybersecurity and anti-virus company, on 26th March published a report revealing that Lazarus, a cybercrime group allegedly sponsored by North Korea, is responsible for more than half of all crypto hacks since 2017, and that it continues to target cryptocurrency businesses and adopt new tactics to this day.
Lazarus had previously been in the news for stealing $571 million of the $882 million in cryptocurrency taken from online crypto exchanges during 2017-2018. That amount accounts for almost 65% of all crypto stolen from exchanges in the period.
Data from the Group-IB annual report on cybercrime trends shows that 5 of the 14 separate exchange hacks in that period were attributed to the Lazarus group. Among these was the record-breaking $532 million NEM (XEM) theft from Japan’s Coincheck crypto exchange.
According to the Kaspersky Lab report, the allegedly state-sponsored group has been running a new type of operation since last November. It relies on PowerShell, Microsoft's task automation and configuration management framework, which the attackers use to control their Windows and macOS malware.
Per the report, the group has developed custom PowerShell scripts that communicate with malicious C2 servers and execute commands issued by the operator. The server-side C2 scripts are disguised as files from popular open-source projects such as WordPress.
Once a control session with the server is established, the malware's functionality includes:
Having published the report, Kaspersky Lab is now advising participants in the cryptocurrency and fintech sector to remain cautious and to follow best practices that prevent malicious software from being downloaded and installed.
The report advises:
“If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems… And never ‘Enable Content’ (macro scripting) in Microsoft Office documents received from new or untrusted sources.”
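The two defensive measures a practitioner would take from the passages above (the PowerShell-based C2 scripts described earlier, and the advice never to enable macros) can be put in place from an elevated PowerShell prompt. The following is an added example, not code from the Kaspersky report or from the Lazarus tooling: it turns on PowerShell script block and module logging, blocks Office macros in files from the Internet zone (the Office 16.0 registry path assumes Office 2016/2019/365), and then sweeps the script block log for patterns typical of a script-based download stager. The pattern list is an assumption for illustration, not indicators published in the report.

```powershell
# Added hardening and triage example (not from the Kaspersky report). Run elevated on a Windows host.
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# 1. Record every script block PowerShell executes (Event ID 4104 in Microsoft-Windows-PowerShell/Operational).
New-Item -Path "$pol\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$pol\ScriptBlockLogging" -Name EnableScriptBlockLogging -Type DWord -Value 1

# 2. Log module activity (cmdlet invocations such as Invoke-WebRequest) for every module.
New-Item -Path "$pol\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$pol\ModuleLogging" -Name EnableModuleLogging -Type DWord -Value 1
New-ItemProperty -Path "$pol\ModuleLogging\ModuleNames" -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# 3. Office macros: block content in files downloaded from the Internet and allow only signed macros
#    (VBAWarnings 3 = disable all except digitally signed). Assumes Office 16.0 (2016/2019/365).
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $sec = "HKCU:\SOFTWARE\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $sec -Force | Out-Null
    Set-ItemProperty -Path $sec -Name blockcontentexecutionfrominternet -Type DWord -Value 1
    Set-ItemProperty -Path $sec -Name VBAWarnings -Type DWord -Value 3
}

# 4. Triage: pull logged script blocks and flag download cradles, encoded commands and hidden windows.
#    These patterns are an assumption chosen for the example, not indicators from the report.
$patterns = 'DownloadString', 'Net.WebClient', 'Invoke-WebRequest', 'FromBase64String',
            '-enc', '-WindowStyle Hidden', 'IEX', 'Invoke-Expression'
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
          -MaxEvents 500 -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $block = $e.Properties[2].Value   # Properties[2] is the ScriptBlockText field of event 4104
    $hits = $patterns | Where-Object { $block -match [regex]::Escape($_) }
    if ($hits) {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            Indicators = ($hits -join ', ')
            Snippet    = $block.Substring(0, [Math]::Min(120, $block.Length))
        }
    }
}
```

Script block logging records the de-obfuscated text of each block as it runs, so a stager that decodes and invokes a second stage still shows up in the 4104 events even when the file on disk is encoded. The HKCU policy keys apply to the current user; in a managed environment the same values are normally pushed by Group Policy rather than set per host.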
All in all, the cryptocurrency and fintech industry still has a way to go before the infrastructure needed to stop hacking groups like Lazarus from stealing cryptocurrency is in place. However, just as the Wild West was eventually tamed, the crypto industry will be too.