North Korean Lazarus Group is targeting crypto funds with a new spin on an old trick

1 year ago

Microsoft and cybersecurity firm Volexity have traced a new version of the AppleJeus malware to the hackers behind the Ronin exploit and many other online heists.



Microsoft reports that a threat actor has been identified targeting cryptocurrency investment startups. A party Microsoft has dubbed DEV-0139 posed as a cryptocurrency investment company on Telegram and used an Excel file weaponized with “well-crafted” malware to infect systems that it then accessed remotely.

The threat is part of a trend of attacks showing a high level of sophistication. In this case, the threat actor, falsely identifying itself with fake profiles of OKX employees, joined Telegram groups “used to facilitate communication between VIP clients and cryptocurrency exchange platforms,” Microsoft wrote in a Dec. 6 blog post. Microsoft explained:

“We are […] seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads.”

In October, the target was invited to join a new group and then asked for feedback on an Excel document that compared OKX, Binance and Huobi VIP fee structures. The document provided accurate information and showed an advanced awareness of the realities of crypto trading, but it also invisibly sideloaded a malicious .dll (Dynamic Link Library) file to create a backdoor into the user’s system. The target was then asked to open the .dll file themselves during the course of the discussion on fees.

DPRK’s infamous Lazarus Group has developed new and improved versions of its cryptocurrency-stealing malware AppleJeus, marking the regime’s latest effort to earn funds for Kim Jong-un’s weapons programs. @nknewsorg @EthanJewell https://t.co/LjimOmPI5s

— CSIS Korea Chair (@CSISKoreaChair) December 6, 2022

The attack method itself has long been known. Microsoft suggested the threat actor was the same as the one found using .dll files for similar purposes in June and that it was most likely behind other incidents as well. According to Microsoft, DEV-0139 is the same actor that cybersecurity firm Volexity linked to North Korea’s state-sponsored Lazarus Group, using a variant of malware known as AppleJeus and an MSI (Microsoft installer). The United States federal Cybersecurity and Infrastructure Security Agency documented AppleJeus in 2021, and Kaspersky Labs reported on it in 2020.

Related: North Korean Lazarus Group allegedly behind Ronin Bridge hack

The U.S. Treasury Department has officially connected Lazarus Group to North Korea’s nuclear weapons program.
