Key Takeaways:
Kimsuky, a state-backed North Korean hacking group, has deployed new malware called ‘Durian’ in attacks on crypto firms operating in neighboring South Korea.
According to a May 9 threat report from cybersecurity firm Kaspersky, Kimsuky has used Durian in a series of targeted attacks on at least two cryptocurrency firms so far.
North Korean Hacking Group Kimsuky Deploys New Multifunctional Malware to Target Crypto Firms
The previously unknown malware, a multifunctional backdoor, was delivered in what Kaspersky describes as a “persistent” attack that exploited legitimate security software used exclusively by South Korean IT and crypto companies.
Durian acts as an installer that deploys further malware, including a backdoor known as “AppleSeed” and a custom proxy tool called “LazyLoad”, as well as legitimate tools such as Chrome Remote Desktop. Together these let the attackers execute commands, download files, and exfiltrate data from the victims’ computers.
Kaspersky also found a potential link between Kimsuky and the infamous Lazarus Group in the deployment of the malware. Lazarus is the hacking entity that spearheads North Korea’s cyber operations against the crypto sector.
The notorious group first surfaced in 2009 and has since established itself as one of the most dangerous threat actors in the world.
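The abuse of a legitimate remote-desktop tool described above is something a defender can hunt for without any Durian-specific indicator: a remote-access host process appearing on a machine where it was never sanctioned, or being started by something other than the service manager. The script below is an added example written for this article, not code from Kaspersky or from the attackers' tooling. The tab-separated process-creation log format, the host names, the allowlist and the list of remote-administration binaries (beyond Chrome Remote Desktop's `remoting_host.exe`) are assumptions, and the log lines are constructed for the example.

```python
"""Hunt for abuse of legitimate remote-desktop tooling in process-creation logs.

Added example for this article, not code from Kaspersky or from any attacker
tooling. The log format, host names and allowlist are assumptions; the sample
log lines below are constructed, not real telemetry.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Legitimate remote-administration binaries that intrusions "live off the land" with.
# remoting_host.exe is the Chrome Remote Desktop host process; the other two are
# assumed additions for breadth, not something the article mentions.
REMOTE_TOOL_IMAGES = {"remoting_host.exe", "anydesk.exe", "teamviewer.exe"}

# Hosts where a remote-desktop host is sanctioned (assumption: fed from an asset inventory).
ALLOWLIST = {"it-helpdesk-01"}

# Parent a properly installed remoting_host.exe is expected to have
# (assumption: the host runs as a Windows service started by the SCM).
EXPECTED_PARENTS = {"services.exe"}


@dataclass(frozen=True)
class Event:
    ts: str
    host: str
    user: str
    image: str
    parent: str


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    user: str
    image: str
    reason: str


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerating both slash styles."""
    return re.split(r"[\\/]", path)[-1].lower()


def parse(line: str) -> Optional[Event]:
    """Parse one tab-separated record: ts, host, user, image, parent.

    Malformed lines return None rather than raising, so one bad record
    cannot abort a hunt across a large export.
    """
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 5 or not all(parts):
        return None
    return Event(*parts)


def hunt(lines: Iterable[str], allowlist=ALLOWLIST) -> List[Finding]:
    """Return one Finding per remote-tool launch that violates the policy."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        image = basename(ev.image)
        if image not in REMOTE_TOOL_IMAGES:
            continue
        if ev.host not in allowlist:
            reason = "remote-desktop tool on unsanctioned host"
        elif basename(ev.parent) not in EXPECTED_PARENTS:
            # Sanctioned host, but launched by an installer or user process
            # instead of the service manager: worth a look.
            reason = f"unexpected parent process {basename(ev.parent)}"
        else:
            continue  # sanctioned host, started by the SCM: benign
        findings.append(Finding(ev.ts, ev.host, ev.user, image, reason))
    return findings


# Constructed sample export (assumption: ts, host, user, image, parent; tab-separated).
SAMPLE_LOGS = [
    "2024-05-09T08:00:01Z\tit-helpdesk-01\tSYSTEM\tC:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\remoting_host.exe\tC:\\Windows\\System32\\services.exe",
    "2024-05-09T08:05:12Z\tdev-ws-17\tjlee\tC:\\Windows\\System32\\notepad.exe\tC:\\Windows\\explorer.exe",
    "2024-05-09T08:07:44Z\tfin-ws-03\tkpark\tC:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\remoting_host.exe\tC:\\Users\\kpark\\AppData\\Local\\Temp\\installer.exe",
    "2024-05-09T08:09:02Z\tit-helpdesk-01\tSYSTEM\tC:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\remoting_host.exe\tC:\\Users\\admin\\Downloads\\setup.exe",
    "malformed line",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOGS):
        print(f"{f.ts} {f.host} {f.user} {f.image}: {f.reason}")
```

Run against the constructed export, the hunt flags the finance workstation that should never have a remote-desktop host installed, and the helpdesk machine where the host was launched from a downloaded installer rather than by the service manager; the sanctioned, service-started instance is left alone. The allowlist and expected-parent set are the two knobs to tune against your own inventory.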
Lazarus Group Responsible For Stealing $3 Billion in Crypto Since 2017
Blockchain sleuth ZachXBT revealed that the Lazarus Group had successfully laundered over $200 million in ill-gotten crypto between 2020 and 2023. According to US-based cybersecurity firm Recorded Future, hackers associated with the group have stolen around $3 billion in various cryptocurrencies since 2017, with more than half of that amount taken in 2022.
Recorded Future highlighted in its report that the crypto stolen in 2022 alone equates to approximately half of North Korea’s entire military budget for that year and 5% of the country’s economy. It is also 10 times the total annual income the nation earned from exports in 2021, which sat at $182 million.
The report indicates that Lazarus Group initially targeted South Korea for its crypto before expanding its operations to other parts of the world. It started by exploiting traditional finance firms and then shifted its focus to digital-asset firms.
Last November, the US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer Sinbad, alleging that the platform had laundered stolen cryptocurrency on behalf of Lazarus Group.
A confidential UN report from last year found that North Korean hackers stole more crypto assets in 2022 than in any other year. The report, submitted to the 15-member North Korea sanctions committee, found that state-linked hackers stole between $630 million and more than $1 billion in crypto assets and also targeted the networks of foreign aerospace and defense companies.
North Korean Hackers are the Driving Force Behind $1.1 Billion Worth of DeFi Exploits in 2022
Blockchain analytics firm Chainalysis called North Korea-linked hackers the “most prolific cryptocurrency hackers” of the last few years. Chainalysis asserted that they were linked to at least $1.7 billion worth of crypto assets stolen in 2022, the most profitable year on record for crypto hackers.
At least $1.1 billion of this loot was taken from compromised decentralized finance (DeFi) protocols, making North Korea one of the driving forces behind the DeFi hacking wave that peaked in 2022.
Much of the stolen assets were sent to mixing services such as Tornado Cash and Sinbad in an attempt to obscure the transaction trail.
North Korea has repeatedly denied these allegations, but the UN report alleged that the country’s primary intelligence agency, the Reconnaissance General Bureau, works with hacker groups such as Kimsuky, Lazarus, and Andariel specifically to carry out cyberattacks.
In 2023, over $1.8 billion worth of cryptocurrency was lost to hacks and exploits. Web3 cybersecurity firm Immunefi credited Lazarus Group with over 17%, nearly $300 million, of the total funds stolen last year.