Kaspersky’s report reveals new tactics used by North Korean crypto hackers

2024-5-14 11:41

North Korean hackers deploying “Durian” malware targeting South Korean crypto firms. The resurgence of dormant hackers like Careto underscores the evolving cybersecurity landscape. Hacktivist groups like SiegedSec escalate offensive operations amidst global socio-political events.

The first quarter of 2024 has proven particularly eventful, with notable findings and trends emerging from the frontline of cyber security. From the deployment of sophisticated malware variants to the resurgence of long-dormant threat actors, the landscape of cyber threats continues to shape-shift, presenting new challenges for security experts worldwide.

A recent report by the Global Research and Analysis Team (GReAT) at Kaspersky made a striking revelation shedding light on the activities of various advanced persistent threat (APT) groups.

The Durian malware targeting South Korean crypto firms

Among the findings made by GReAT is the emergence of the “Durian” malware, attributed to the North Korean hacking group Kimsuky. It has been used to target South Korean cryptocurrency firms and it has a high level of sophistication, boasting comprehensive backdoor functionality.

The Durian malware’s deployment marks a notable escalation in the cyber capabilities of Kimsuky, showcasing their ability to exploit vulnerabilities within the supply chain of targeted organizations.

By infiltrating legitimate security software exclusive to South Korean crypto firms, Kimsuky demonstrates a calculated approach to circumventing traditional security mechanisms. This modus operandi highlights the need for enhanced vigilance and proactive security strategies within the cryptocurrency sector, where the stakes are exceptionally high.

The connection between Kimsuky and the Lazarus Group

The Kaspersky report further unveils a nuanced connection between Kimsuky and another North Korean hacking consortium, the Lazarus Group. While historically distinct entities, the utilization of similar tools such as LazyLoad suggests a potential collaboration or tactical alignment between these crypto-threat actors.

This discovery underscores the interconnected nature of cyber threats, where alliances and partnerships can amplify the impact of malicious activities.

Resurgence of dormant crypto hacking groups

In parallel, the APT trends report reveals a resurgence of long-dormant threat actors, such as the Careto group, whose activities were last observed in 2013.

Despite years of dormancy, Careto resurfaced in 2024 with a series of targeted campaigns, employing custom techniques and sophisticated implants to infiltrate high-profile organizations. This resurgence serves as a stark reminder that cyber threats never truly disappear; they merely adapt and evolve.

Other crypto hacking groups terrorising the world

The Kaspersky report also highlights the emergence of new malware campaigns targeting government entities in the Middle East, such as “DuneQuixote”. Characterized by sophisticated evasion techniques and practical evasion methods, these campaigns underscore the evolving tactics of threat actors in the region.

There is also the emergence of the “SKYCOOK” implant utilised by the Oilrig APT to target internet service providers in the Middle East.

Meanwhile, in Southeast Asia and the Korean Peninsula, the activities of threat actors like DroppingElephant continue to pose significant challenges. Leveraging malicious RAT tools and exploiting platforms like Discord for distribution, these actors demonstrate a multifaceted approach to cyber espionage. The use of legitimate software as initial infection vectors further complicates detection and mitigation efforts, highlighting the need for enhanced threat intelligence and collaboration among stakeholders.

On the hacktivism front, groups like SiegedSec have ramped up their offensive operations, targeting companies and government infrastructure in pursuit of social justice-related goals. With a focus on hack-and-leak operations, these groups leverage current socio-political events to amplify their message and impact.

The post Kaspersky’s report reveals new tactics used by North Korean crypto hackers appeared first on CoinJournal.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

North Korean Won (KPW) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Доступно / Всего 0 KPW

korean hackers like crypto north landscape hacktivist

korean hackers → Результатов: 126


The international sting operation aimed at apprehending North Korean cryptocurrency hackers is detailed within.

A joint team of South Korean spies and American private investigators gathered at the South Korean intelligence service to track $100 million stolen from California cryptocurrency firm, Harmony. The team had been waiting for North Korean hackers to move the stolen crypto into accounts that could be converted to dollars or Chinese yuan, hard currency […] Сообщение The international sting operation aimed at apprehending North Korean cryptocurrency hackers is detailed within. появились сначала на Coinstelegram.

2023-4-10 12:48


North Korean Hackers Pose As VC Firms And Banks To Steal Millions From Crypto Startups

North Korean hackers are taking it a notch higher by pretending to be venture capitalists to steal from cryptocurrency startups. BlueNoroff, the name given by cybersecurity experts to a crew associated with the North Korean government-funded hacking operation Lazarus Group, has expanded its target list to include venture capital firms, cryptocurrency startups, and banks, a report by cybersecurity […]

2022-12-29 13:39


Hackers Mess With South Korea’s YouTube Channel To Play Elon Musk Crypto Video

According to local media sources, the official South Korean government YouTube channel was hacked on Saturday to show a video of SpaceX CEO Elon Musk discussing cryptocurrencies. Yonhap News reports that once the hackers gained access to this channel’s controls, they renamed it “SpaceX Invest” to make it appear to be affiliated with Musk’s aerospace […]

2022-9-5 17:50


North Korea Retains Lead In Crypto Crimes, Over $1.5 B Stolen

Indeed, the crypto-space has become the favorite place for cybercriminals worldwide for some years, but some countries are more prolific than others. Similarly, continuous cyber-attacks on crypto-oriented businesses by North Korean hackers have set it at the top of the list of five leading countries in crypto crimes 2022, per the report of Coincub published […]

2022-6-30 23:00