Lazarus Group Hacking Methods Exposed by Security Report

2020-8-26 22:33

The infamous Lazarus Group is holding strong. They show no signs of slowing down. According to a new report, the sophisticated hackers, connected with the North Korean Government, have left behind evidence.

Methods of Operation

Earlier this month, an unnamed blockchain technology company was hacked by the Lazarus Group. This time, it was a systems administrator who fell for a phishing scam by giving up their LinkedIn password to bad actors.

The hackers were able to manipulate registry keys and gain access to the firm’s computers. Security firm F-Secure detailed the methods the hackers used in the attack and shared the results with the public.

The new F-Secure report uses intelligence gathered from various recent attacks to paint a picture of the Lazarus Group. The report identifies a certain pattern they say can help businesses protect themselves from further attacks.

Analysis of the attack found similarities in malware Tactics, Techniques, and Procedures (TTPs), and intelligence related to other attacks. The research matches details published by other security firms like Kaspersky and ESET.

Metadata from the hackers’ attacks | Source: F-Secure

The criminal group leverages spear-phishing attacks, custom malware, and native operating systems (OS) to reach its objectives. These techniques are sophisticated.

They require in-depth research and customization. Such attacks require patience and coordination. This makes them more dangerous but requires good organization, which sets Lazarus apart from other hackers.

Evidence

Though the Lazarus Group has not claimed ownership of many attacks, there appears good evidence that they were carried out by the same group.

The paper demonstrates consistent markers throughout the attacks. For example, certain author names in the metadata of malware files appear the same. Some files also have identical save dates and total file sizes. This suggests that they all came from the same source.

Lazarus Group’s infection chain | Source: F-Secure

What’s more, F-secure found similarities in the “chain of infection” the malware took. In other words, the sequence of files that became infected to ultimately take over the computer was very similar.

Hiding in Plain Sight

Interestingly, the Lazarus Group, though thorough, left behind a trail of bread crumbs. In analyzing command line sequences, F-Secure found that some commands in the code were ‘hidden’ from plain sight. They said,

Throughout F-Secure’s investigation it became evident that Lazarus Group was conscious to avoid detection and would remove evidence of their presence.

However, the Lazarus Group did not remove all traces of wrongdoing. The hackers took down anti-malware software using easily identifiable and unique commands.

This left the researchers with a calling card with which to identify the Lazarus Group. It’s F-Secure’s hope that by identifying these commands, companies will be able to prevent future attacks.

Despite the fact that the Lazarus Group attacks were detectable, F-Secure also concluded that their methods were changing over time. Said simply, the hackers are learning from their mistakes. The firm is thought to be operating since at least 2017 and remains concentrated on the lucrative cryptocurrency industry.

A separate though similar attack occurred when a teenage hacker used spear phishing to access several high profile Twitter accounts last month.

Earlier this year, the US Treasury Department sanctioned two Chinese nationals in connection with a Lazarus Group malware attack on an Indian power plant.

The post Lazarus Group Hacking Methods Exposed by Security Report appeared first on BeInCrypto.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Lazarus (LAZ) íà Currencies.ru

$ 0 (+0.00%)
Îáúåì 24H $0
Èçìåíåèÿ 24h: 0.00 %, 7d: 0.00 %
Cåãîäíÿ L: $0 - H: $0
Êàïèòàëèçàöèÿ $0 Rank 99999
Äîñòóïíî / Âñåãî 0 LAZ

report group lazarus connected hackers new according

report group → Ðåçóëüòàòîâ: 126


Ôîòî:

Ethereum Vulnerability Could Have Allowed Attackers to Drain Hot Wallets

A recent vulnerability in the Ethereum network could have reportedly allowed hackers to gain massive profits from cryptocurrency exchanges which haven’t set up a Gas usage limit. A Critical Vulnerability A group of researchers discovered a vulnerability in Ethereum which allowed attackers to drain exchanges by burning their ETH on high transaction costs or to benefit directly by minting GasToken.

2018-11-27 02:00


Ôîòî:

“Bitmain Is Restructuring,” But Jihan Wu Still a Board Director: Source

Bitmain has denied reports that its CEO Jihan Wu was ousted as the mining firm’s board director while confirming that the board has undergone restructuring. Setting the record straight, Nishant Sharma, international marketing manager of Bitmain Technologies Limited, told Bitcoin Magazine that, instead of losing his position, Wu will continue on as a co-director of the board amidst a wider reorganization.

2018-11-15 21:26


Encrybit ICO

- ENCRYBIT THE RESEARCH BASED CRYPTOCURRENCY EXCHANGE Encrybit made history moments creating massive surveys in cryptocurrency market with 12k+ responses from traders among 167 countries. Encrybit exchange is thought of traders where we are merging their demands in reality developing the secured and featured enriched trading platform that does not want to compromise the emotions of traders.

2018-11-14 19:41


Ôîòî:

New Exchange Security Scoring Model Offers Insurance Rates for Coin Holders

International cybersecurity solutions provider Group-IB has come up with a scoring model to grade crypto exchanges based on their level of security. The scoring model was created by Group-IB in conjunction with Swiss-based Cryptolns (which is operated by Swiss insurance broker APIS AS), and the grading is intrinsic to CryptoIns’ new cryptocurrency exchange insurance, which will allow exchange users to cover up to 15 BTC worth of digital assets held in their exchange accounts.

2018-11-13 00:43


Ôîòî:

Storonsky: ‘No Interest from Big Institutional Investors’ (Why He’s Wrong)

Last week, Bitcoinist argued that cryptocurrency enthusiasts should stop waiting for institutional investors to arrive — because they’re already here. Not everyone shares that opinion.   According to a recent report from Bloomberg, institutional investors don’t have much of an ‘appetite’ for digital currencies.

2018-11-10 08:00


New whisteblower app fights forced evictions in Kenya

An indigenous group in Kenya is embracing the use of technological innovation to document forced evictions and efforts at resolving related conflicts. Although forced evictions are not new to Kenya’s Sengwer community, in December 2018, the Kenyan Forest Service started a new campaign to evict families from the Embobut Forest — their ancestral home — thereby resulting in conflicts and 341 houses being burnt, says a report by Amnesty International published in May this year.

2018-11-8 12:34


Ôîòî:

Lads allegedly beat up their ‘friend’ to steal his Bitcoin

A cohort of young men have been accused of drunkenly assaulting their “friend” to extort the credentials to his cryptocurrency wallet, the New York Post reports. According to the report, the attackers demanded the victim “provide […] login information for his cryptocurrency accounts while holding his head underwater in the bathtub, punching him in the stomach, and throwing hot wax on him.

2018-11-7 16:56


Ôîòî:

Cryptocurrency traders are shifting from stablecoins to Bitcoin

The second half of 2018 has seen Dollar-pegged cryptocurrencies (stablecoins) flood the market, but recent data suggests that Bitcoin might become the one true stablecoin. The latest report from blockchain research group Diar shows while Tether still accounts for an overwhelming majority of the total stablecoin volume, cryptocurrency traders are actually starting to exchange with Bitcoin directly, rather than use new, regulated alternatives.

2018-10-24 13:51


European Scientists Share How Cryptocurrencies will Rival Forex Markets

According to a recent research report that has been published by a group of European scientists Bitcoin and the cryptocurrency market can compete with the forex market in terms of maturity. That means that Bitcoin could soon become a dependable alternative to the traditional financial market. Back in July 2018, the research was published in […]

2018-10-17 21:50


“Gaslighted” DEX Trackers Report Several False Trades

The OpenRelay group published a blog post yesterday which demonstrated that it is possible to distort the data reported on decentralized exchange (DEX) trackers. OpenRelay first discovered the problem after noticing an order that listed their name, even though they were not involved in the order: “At first we thought someone had found a way… The post “Gaslighted” DEX Trackers Report Several False Trades appeared first on UNHASHED.

2018-10-12 17:23