Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label North Korea Hackers. Show all posts
Threat Landscape
BlueNoroff macOS malware North Korea Hackers Threat Landscape

North Korean Hackers Employ macOS Malware to Target Crypto Firms

 

BlueNoroff, a North Korean threat actor, has been attacking crypto firms with a new multistage malware for macOS systems. 

According to the researchers, the campaign is known as Hidden Risk, and it lures victims with emails that include fake data on the current activities in the cryptocurrency market.

The malware employed in these attacks depends on a novel persistence method on macOS that does not generate any alerts on the most recent versions of the operating system, allowing it to bypass detection. 

BlueNoroff is known for cryptocurrency theft and has previously targeted macOS with a payload malware called 'ObjCShellz' that opens remote shells on affected Macs. 

Infection chain 

The attacks begin with a phishing email containing crypto-related news and subjects, disguised as if forwarded by a bitcoin influencer to boost credibility. The mail includes a link to a PDF containing the information, but it actually points to the attackers' "delphidigital[.]org" domain. 

According to SentinelLabs experts, the "URL currently serves a benign form of the Bitcoin ETF document with titles that change over time," but it also serves the first step of a malicious application bundle known as 'Hidden Risk Behind New Surge of Bitcoin Price.app'. 

The researchers state that for the Hidden Risk campaign, the threat actor employed an original academic paper from the University of Texas. The first stage is a dropper software signed and notarised with a valid Apple Developer ID, "Avantis Regtech Private Limited (2S8XHJ7948)," which Apple has since revoked. 

When activated, the dropper gets a decoy PDF from a Google Drive link and opens it in the default PDF browser to distract the victim. In the background, however, the following stage payload is downloaded from "matuaner[.]com.”

Interestingly, the hackers have effectively circumvented Apple's App Transport Security standards by altering the app's 'Info. plist' file to permit unsafe HTTP connections to the attacker-controlled site. 

The "Hidden Risk" campaign, according to SentinelLabs, has been in operation for the past 12 months or more. It employs a more straightforward phishing strategy that excludes the customary "grooming" on social media that other DPRK hackers partake in. 

In order to get beyond macOS Gatekeeper, the researchers also point out that BlueNoroff has demonstrated a consistent capacity to find new Apple developer accounts and have their payloads notarised.
Read more »
North Korea Hackers
ATM Hacking Cyber Attacks Hidden Cobra Linux Malware Malware Attack North Korea North Korea Hackers

North Korean Hackers Develop Linux Variant of FASTCash Malware Targeting Financial Systems

 

A new Linux variant of FASTCash malware has surfaced, targeting the payment switch systems of financial institutions. North Korean hackers, linked to the Hidden Cobra group, have expanded their cyber arsenal to now include Ubuntu 22.04 LTS distributions. Previously, the malware targeted Windows and IBM AIX systems. These payment switches route transactions between ATMs and banks, and the malware intercepts ISO8583 messages, modifying transaction responses from “decline” to “approve.” This manipulation authorizes fraudulent cash withdrawals through money mules. The discovery, made by security researcher HaxRob, revealed the Linux variant’s ability to bypass security tools, as it was first submitted to VirusTotal in June 2023 with no detection. 

It operates by injecting a shared library into a running process on the payment switch server using the ‘ptrace’ system call. FASTCash’s history of ATM cash-out attacks dates back to 2016, with incidents stealing tens of millions of dollars across multiple countries. The U.S. Cyber Command in 2020 attributed these schemes to APT38, part of the Lazarus Group. North Korea’s involvement in global financial theft is well-documented, with the theft of over $1.3 billion linked to this malware and other campaigns. The Linux variant’s ability to evade standard defenses puts financial institutions at heightened risk. Its discovery emphasizes the evolving tactics of North Korean cyber actors, who are continually refining malware to expand their reach. 

HaxRob also noted a new Windows version of FASTCash, submitted in September 2024, demonstrating the ongoing development of this malware. To mitigate this growing threat, financial institutions must strengthen security around payment switch systems, implement real-time monitoring of unusual transaction patterns, and upgrade defenses to detect advanced attack techniques like FASTCash. 

As North Korean hackers continue to develop sophisticated malware variants, financial organizations must prioritize protecting against this persistent threat to prevent unauthorized cash withdrawals and financial losses.
Read more »
US Military
Cyber Attacks NASA North Korea Hackers North Korean cyber attacks Ransom Attack Ransomware attack US Military

North Korean Hacker Indicted for Cyber Attacks on U.S. Hospitals, NASA, and Military Bases

 

Federal prosecutors announced the indictment of Rim Jong Hyok, a North Korean military intelligence operative, for his role in a conspiracy to hack into American healthcare providers, NASA, U.S. military bases, and international entities. 

The indictment, unveiled on July 25, 2024, in Kansas City, Kansas, details Hyok’s involvement in stealing sensitive information and deploying ransomware to fund further cyberattacks. Rim Jong Hyok is accused of laundering money through a Chinese bank, using the proceeds to acquire computer servers and finance additional cyberattacks targeting defense, technology, and government entities globally. The indictment highlights his connection to the Andariel Unit of North Korea’s Reconnaissance General Bureau, a state-sponsored group responsible for these malicious activities. 

The cyberattacks on American hospitals and healthcare providers disrupted patient care, underscoring the severe impact of such crimes on public health. Prosecutors allege that Hyok targeted 17 entities across 11 U.S. states, including NASA and U.S. military bases. Defense and energy companies in China, Taiwan, and South Korea were also among the victims. Over three months, Hyok and his team infiltrated NASA’s computer systems, extracting over 17 gigabytes of unclassified data. They also accessed systems of defense companies in Michigan and California and breached Randolph Air Force Base in Texas and Robins Air Force Base in Georgia. 

The malware used by the Andariel Unit enabled them to transmit stolen information to North Korean military intelligence, aiding the country’s military and nuclear ambitions. The stolen data included details of fighter aircraft, missile defense systems, satellite communications, and radar systems, according to a senior FBI official. Stephen A. Cyrus, an FBI agent based in Kansas City, emphasized that North Korea uses cybercrimes to circumvent international sanctions and fund its political and military goals. The impact of these attacks is felt directly by citizens, as evidenced by the disruption of hospital operations in Kansas and other states. 

A reward of up to $10 million has been offered for information leading to his capture or that of other foreign operatives targeting U.S. infrastructure. The Justice Department has a history of prosecuting North Korean hackers. In 2021, three North Korean programmers were charged with a range of cybercrimes, including an attack on an American movie studio and the attempted theft and extortion of over $1.3 billion from banks and companies worldwide. The FBI’s involvement in this case began when a Kansas medical center reported a ransomware attack in May 2021. 

Hackers had encrypted the hospital’s files and servers, blocking access to patient records and critical equipment. A ransom note demanded Bitcoin payments, threatening to leak the files online if the demands were not met. Investigators traced the Bitcoin transactions to two Hong Kong residents, eventually converting the funds to Chinese currency and transferring them to a Chinese bank. The money was accessed from an ATM near the Sino-Korean Friendship Bridge. 

In 2022, the Justice Department announced the seizure of approximately $500,000 in ransom payments, including the entire ransom paid by the Kansas hospital. While Hyok’s arrest is unlikely, the indictment may lead to sanctions that could hinder North Korea’s ability to collect ransoms, potentially reducing the motivation for future attacks on critical infrastructure. 

Cybersecurity analyst Allan Liska from Recorded Future notes that although sanctions may not stop North Korea’s cyber activities entirely, they could deter attacks on hospitals by making ransom payments more difficult to collect. This incident also raises questions about China’s stance on being targeted by its ally, North Korea.
Read more »
Symantec
Cyber Attacks Cyberhacking Hacker attack Hacker group Kimsuky Linux Malware Malware Trojan North Korea Hackers Software Symantec

North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers

 

North Korean hacker group Kimsuky has unveiled a new Linux malware named "Gomir," a variant of the GoBear backdoor. This development marks a significant advancement in the group's cyber espionage tactics. Kimsuky, linked to North Korea’s military intelligence, the Reconnaissance General Bureau (RGB), has a history of sophisticated cyber attacks aimed primarily at South Korean entities. 

In early February 2024, researchers at SW2, a threat intelligence company, reported a campaign by Kimsuky involving trojanized versions of various software solutions. These included TrustPKI and NX_PRNMAN from SGA Solutions and Wizvera VeraPort. The primary targets were South Korean entities, and the malicious software delivered the Troll Stealer and Go-based Windows malware known as GoBear. 

Further investigation by Symantec, a Broadcom company, revealed that the same campaign also deployed a Linux variant of the GoBear backdoor, dubbed "Gomir." This new malware shares many similarities with its Windows counterpart, featuring direct command and control (C2) communication, persistence mechanisms, and support for executing a wide range of commands. Upon installation, Gomir checks the group ID value to determine if it runs with root privileges on the Linux machine. 

It then copies itself to /var/log/syslogd for persistence, creates a systemd service named ‘syslogd,’ and issues commands to start the service. Following these steps, the original executable is deleted, and the initial process is terminated. To ensure it runs on system reboot, the backdoor attempts to configure a crontab command by creating a helper file ('cron.txt') in the current working directory. If successful, the helper file is removed. Gomir supports 17 operations triggered by commands received from the C2 via HTTP POST requests. 

These operations include pausing communication with the C2 server, executing arbitrary shell commands, reporting the current working directory, probing network endpoints, and more. Notably, these commands are almost identical to those supported by the GoBear Windows backdoor, highlighting the malware's versatility and Kimsuky's ability to adapt its tools across different operating systems. Symantec researchers have pointed out that supply-chain attacks, such as trojanized software installers and fake installers, are a preferred attack method for North Korean espionage actors. 

The choice of software for trojanization seems to be carefully selected to maximize infection rates among South Korean targets. By compromising widely used software solutions, Kimsuky increases its chances of infiltrating targeted systems and exfiltrating valuable data. The implications of Kimsuky's activities are significant. By enhancing their malware capabilities and expanding their target range to include Linux systems, Kimsuky poses a heightened threat to organizations, particularly those in South Korea. 

The use of advanced malware like Gomir demonstrates the group's continuous evolution and sophistication in cyber espionage. Symantec's report on this campaign includes a set of indicators of compromise (IOCs) for multiple malicious tools observed, including Gomir, Troll Stealer, and the GoBear dropper. These IOCs are crucial for cybersecurity professionals to detect and mitigate the impact of these threats. 

As the digital landscape continues to evolve, the need for robust cybersecurity measures becomes ever more critical. Organizations, especially those in high-target regions like South Korea, must remain vigilant and proactive in their defense strategies. This includes regularly updating software, conducting thorough security assessments, and implementing comprehensive threat detection and response mechanisms. 

The emergence of Gomir and similar threats underscores the importance of international cooperation in combating cybercrime. By sharing intelligence and collaborating on cybersecurity initiatives, nations can better protect their critical infrastructure and sensitive data from sophisticated threat actors like Kimsuky.
Read more »
North Korea Hackers
cyber attack Financial Exploit Laundering Lazarus Group Linkedin North Korea Hackers

North Korean Hackers Exploit LinkedIn in Targeted Attacks

 


The North Korean hacker group Lazarus has once again made headlines, this time for exploiting LinkedIn in their cyber operations. According to a report by blockchain security analytics firm SlowMist, Lazarus hackers are leveraging the professional networking platform to target unsuspecting users and pilfer their assets through malware attacks.


LinkedIn Used as a Trojan Horse

This involves Lazarus members masquerading as blockchain developers seeking employment opportunities in the cryptocurrency industry. By posing as job seekers, they lure in vulnerable targets, enticing them to share access to their code repositories under the guise of collaborative work. However, the innocuous-seeming code snippets provided by the hackers contain malicious elements designed to syphon off confidential information and assets from the victims' systems.


History of Innovation in Cybercrime

This tactic isn't new for Lazarus, as they previously employed a similar strategy in December 2023, posing as recruiters from Meta. Back then, they convinced victims to download malware-infected coding challenges, which, when executed, granted remote access to their computers.


Lazarus: A Cyber Threat

Lazarus has earned a notorious reputation in the cybersecurity realm since its emergence in 2009. The group is infamous for orchestrating some of the largest cryptocurrency heists, including the 2022 Ronin Bridge hack, which saw a staggering $625 million being stolen.


Laundering Techniques

Once they've plundered their ill-gotten gains, Lazarus employs sophisticated techniques, such as crypto mixing services, to launder the funds back to North Korea. Reports suggest these funds are funnelled into financing the country's military endeavors.


Industry Response and Countermeasures

In response to persistent cyber threats, crypto companies are advocating for heightened security measures and conducting awareness seminars to educate employees about potential risks. The industry's proactive stance has led to the implementation of robust security protocols and increased investment in cybersecurity to safeguard against data breaches and financial theft.


The recent exploits by Lazarus serve as a stark reminder of the ever-present dangers lurking in the digital realm. As cyber threats continue to expand, it's imperative for individuals and organisations alike to remain careful and adopt proactive measures to mitigate risks and be digitally secured.


By staying informed and proactive, investors, traders, and social media users can collectively work towards thwarting cyber threats and safeguarding digital assets in an increasingly interconnected world.


Read more »
US Government
Data Breach Hacker group Kimsuky Kimsuky North Korea Hackers OFAC US Government

US Govt’s OFAC Sanctions North Korea-based Kimsuky Hacking Group


The Treasury Department’s Office of Foreign Assets Control (OFAC) has recently confirmed the involvement of Kimsuky, a North-Korea sponsored hacking group, in a cyber breach attempt that resulted in the compromise of intel in support of the country’s strategic aims. 

Eight North Korean agents have also been sanctioned by the agency for aiding in the evasion of sanctions and promoting their nation's WMD development.

The current measures are apparently a direct response to the Democratic People's Republic of Korea's (DPRK) purported launch of a military reconnaissance satellite on November 21 in an attempt to hinder the DPRK's ability to produce revenue, obtain resources, and obtain intelligence to further its WMD program.

"Active since 2012, Kimsuky is subordinate to the UN- and U.S. designated Reconnaissance General Bureau (RGB), the DPRK's primary foreign intelligence service," the Department of Treasury stated. "Malicious cyber activity associated with the Kimsuky advanced persistent threat is also known in the cybersecurity industry as APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee."

The OFAC, in August 2010, linked Kimsuky to North Korea's primary foreign intelligence agency, the Reconnaissance General Bureau. 

Kimsuky’s operations mostly consist of stealing intelligence, focusing on foreign policies and national security concerns regarding the Korean peninsula and nuclear policy. 

High-Profile Targets of Kimsuky

One of the most notable high-profile targets of the North Korea-based cyberespionage group includes the compromise of South Korea’s nuclear reactor operator in 2018, Operation STOLEN PENCIL against academic institutions in 2018, Operation Kabar Cobra against South Korean government organizations and defense-related agencies in 2019, and Operation Smoke Screen the same year.

Kimsuky was responsible for targeting at least 28 UN officials and several UN Security Council officials in their spear-phishing campaign conducted in August 2020. The cyberespionage group also infiltrated infiltrated South Korea's Atomic Energy Research Institute in June 2021. 

In September 2019, the US Treasury Department imposed sanctions on the North Korean hacker groups Lazarus, Bluenoroff, and Andariel for transferring money to the government of the nation through financial assets pilfered from global cyberattacks against targets.

In May, OFAC also declared sanctions against four North Korean companies engaged in cyberattacks and illegal IT worker schemes intended to raise money for the DPRK's weapons of mass destruction (WMD) programs.  

Read more »
TRM Labs
Chainalysis cryptocurrency Cryptocurrency Breach Cyber Attacks FBI North Korea Hackers Nuclear Programme TRM Labs

North Korean Hackers Steal Crypto to Fund ‘Nuclear Weapon Program’


North Korea based hackers have reportedly carried out another attack, stealing hundreds of millions in crypto in order to fund their regime’s ‘nuclear weapon program.’

According to blockchain intelligence company TRM Labs, almost 20% of all cryptocurrency stolen this year, equivalent to $200 millions in US Dollars, has been taken by hackers connected to North Korea between January and August 18.

The TRM Labs, in a discussion with North Korea experts, in June, stated, “In recent years, there has been a marked rise in the size and scale of cyberattacks against cryptocurrency-related businesses by North Korea. This has coincided with an apparent acceleration in the country’s nuclear and ballistic missile programs,”

In the aforementioned discussion, TRM Labs also emphasized the way there has been a shift away from North Korea's "traditional revenue-generating activities" — a sign that the government may be "increasingly turning to cyber attacks to fund its weapons proliferation activity."

In another comment on the issue, blockchain analytics firm Chainalysis noted in their February issue that “most experts agree the North Korean government is using these stolen assets to fund its nuclear weapons programs.”

On the other hand, CNBC's request for a comment on the matter from the North Korean regime's diplomatic mission to the UN – the Permanent Mission of North Korea in New York – was denied.

The Democratic People's Republic of Korea, or North Korea officially known as the DPRK, has been subject to numerous sanctions by the UN since its first nuclear test in 2006, owing to its development of nuclear and ballistic missile technology.

The goal of these sanctions behind bans on North Korea’s financial services, minerals, metals and artillery is to limit Korea’s access to these sources and funds it will need to execute their nuclear activities. 

The FBI only recently alerted cryptocurrency firms that hackers with ties to North Korea intend to "cash out" $40 million in cryptocurrency.

In January, the federal agency also noted that it continues to “identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs.”

In regards to the issue, intelligence analyst at blockchain analytics firm TRM Labs Nick Carlsen said, “They are under pretty serious economic stress with international sanctions. They need every dollar they can. And this is just obviously a much more efficient way for North Korea to make money.”

“Even if that dollar stolen in crypto doesn’t directly go towards the purchase of some component for the nuclear program, it frees up another dollar to support the regime and its programs,” he added.  

Read more »
ScarCruft
Data Breach Data Stolen lazarus Mashinostroyeniya Data Breach Missile Program North Korea Hackers NPO Mash ScarCruft

North Korean Hackers Breach Russia’s Top Missile Maker’s Data


Reuters reported on Tuesday about a North Korea-based elite hacker group that is in a bid to steal technology by covertly breaching the computer networks of a Russian missile developer giant. Apparently, the hackers have been running the campaign for nearly five months in 2022. 

The North Korean cyberespionage group has targeted Mashinostroyeniya, a rocket design based in Reutov, Moscow. The hackers group, code-named ScarCruft and Lazarus installed covert digital backdoors into the system at NPO Mashinostroyeniya and was located by Reuters’ James Pearson and Christopher Bing.

However, it has not been made clear as to what data was acquired in the breach. In the following month, the digital break-in Pyongyang introduced several new developments in its banned ballistic missile program, while is not clear if this was in any regards to the breach.

Moreover, no official confirmation has been provided of the espionage by NPO Mashinostroyeniya officials.

About the Targeted Company

The company, commonly known as NPO Mash, specialized in developing hypersonic missiles, satellite technologies and new-generation ballistic armaments. The company was prominent in the Cold War as a premier satellite maker for Russia's space program and as a provider of cruise missiles.

According to experts, the hackers garnered interest in the company after it underlined its mission to develop an Intercontinental Ballistic Missile (ICBM), capable of bringing catastrophe to the mainland United States.

Apparently, the hackers acquired access to the company’s documents and leaked them between 2021, and May 2022. Following this, the IT engineers detected the cybercrime activities, the news agency reported. 

Hackers Read Email Traffic, Jumped Between Networks and Extracted Data from the Company 

According to Tom Hegel, a security researcher with U.S. cybersecurity firm SentinelOne, following the hack, the hackers gained access to the company’s IT environment, which enabled them to read email traffic, jump between networks, and extract data. "These findings provide rare insight into the clandestine cyber operations that traditionally remain concealed from public scrutiny or are simply never caught by such victims," Hegel said.

Digging further into the findings, Hegel’s team of security analysts discovered that one of the NPO Mash IT employees unintentionally exposed his company's internal communications while attempting to investigate the North Korean attack by uploading evidence to a secret portal used by cybersecurity researchers worldwide.

Experts speculate that the data stolen by the hacker group is of great importance, however, it will take a lot more information, effort and expertise for them to actually develop a missile. 

"That's movie stuff[…]Getting plans won't help you much in building these things, there is a lot more to it than some drawings," Hegel further added.

Read more »
Technology
Blockchain Technology Crypto Hacking Data Privacy Financial Exploit North Korea Hackers Online Safety Technology

How Blockchain Technology is Playing a Major Role in Combating Crypto Hacking Risk

 

The world of cryptocurrencies is not immune to the shadows that come with living in a time when digital currencies are having such a significant impact on the global financial landscape. 

Malicious actors are devising complex plans to take advantage of this expanding market while remaining unseen and hidden in the shadows of the internet. Even if the situation involving the most recent Euler Finance exploit and the Ronin Network hack last year was frightening, it is not an isolated incident. 

The finding of a potential link between these instances has caused concern among those in the cryptocurrency community regarding the security and traceability of digital assets. 

The Ronin Bridge exploiter, who is thought to be connected to the notorious North Korean hacker group Lazarus Group, received 100 Ether, or $170,515, via a wallet address connected to the Euler Finance exploit. These occurrences serve as a sharp reminder of the cyberthreats that exist within the crypto sector and may jeopardise its integrity and safety. 

However, this cloud does have a silver lining. The discovery of these links further demonstrates the effectiveness of blockchain technology in locating and perhaps even reducing these concerns. As we continue reading this article, we'll examine the intricacies of cryptocurrency hacking and talk about how to effectively counter such malicious threats. 

How does crypto hacking work?

Crypto hacking, in its most basic form, is the unauthoritative access to and theft of digital assets kept in cryptocurrency wallets and exchanges. It is a type of cybercrime that targets the blockchain ecosystem specifically and takes advantage of flaws in hardware, software, or user behaviour to gain cryptocurrencies in an unauthorised manner. 

Crypto hackers use a variety of strategies. One of the most typical is phishing, where a hacker impersonates a reliable entity to deceive people into disclosing sensitive information like private keys or login passwords. The use of malware or ransomware, which infiltrates networks and either directly steals cryptoassets or holds them for ransom, is a further popular tactic. However, these aren't the only techniques available for crypto cracking. Since hot wallets on crypto exchanges are more prone to attack than cold wallets, hackers target them. 

This includes the current scandals surrounding the Ronin Network and Euler Finance. They depict what are referred to be DeFi exploits. DeFi platforms, like Euler Finance, run on smart contracts, which are self-executing contracts with the conditions of the agreement put directly into code. These smart contracts have numerous benefits, such as transparency and a reduction in the need for middlemen, but they may also have flaws or other weaknesses that cunning hackers might take advantage of. 

Rise in crypto crimes

In 2022, Chainalysis recorded bitcoin thefts of $3.8 billion, a startling increase from the $0.5 billion taken in 2020 and a 15% increase over the $3.3 billion reported in 2021. The increase in online holdings brought about by the rise in public use of digital currencies has made them more desirable and reachable targets for cybercriminals.

De-Fi protocols, essential pieces of technology that support major cryptocurrency exchanges and organisations, were identified by Chainalysis as the key target of assaults in both 2023 and 2022. De-Fi protocols accounted for 82% of all hacking instances in 2022, an increase from 73% in the previous year. 

North Korea continues to lead the pack in terms of dedication to bitcoin hacking. Chainalysis estimates that NK-connected cybercrime groups, such the Lazarus Group, stole $1.7 billion in 2022, making up about half of the annual global total. In 2022, NK stole more digital currency than ever before, according to a recent United Nations report on cyberattacks, albeit the value of the stolen assets vary. 

According to The Conversation, North Korea uses the stolen cryptocurrency to fund its sanctioned nuclear programme, indicating that its hacking activities are unlikely to slow down anytime soon. Compared to prior years, 2022 will see a significant increase in hacking activity, according to Chainalysis' year-over-year research. 

Prevention tips 

The increase in crypto hacking events and the daring actions of organisations like the Lazarus Group highlight the pressing need for strong deterrents. A multifaceted strategy combining technological, legal, and instructional tactics is necessary to tackle these dangers.

Technology-based barriers: The first line of defence against advanced persistent threats is strong cybersecurity measures. This entails the deployment of firewalls, secure, up-to-date software, and robust encryption for all data transmissions. MFA, or multi-factor authentication, can offer an additional layer of security to prevent unauthorised access. 

Regular smart contract audits by outside security companies can aid in identifying and fixing vulnerabilities in the DeFi space before they are exploited. Additionally, the usage of bug bounty programmes, in which ethical hackers are compensated for identifying and disclosing software vulnerabilities, might be an efficient tactic to foreseeably discover possible security weaknesses.

Legal obstacles: Another important component of stopping crypto hacking is using legal disincentives. This entails the creation and application of stringent legislation and rules to deter online criminal activity. The decentralised and international character of cryptocurrencies, however, can make enforcing laws more difficult. Despite these difficulties, there have been cases where hackers have been caught and charged, including the notorious Silk Road case, illustrating the effectiveness of legal deterrents. Blockchain forensics and international cooperation between law enforcement organisations can be crucial in locating and prosecuting these fraudsters. 

Educational barriers: Education is also a potent deterrent. In cybersecurity, the human element is frequently the weakest link since people are readily duped into disclosing private information or acting riskily. Therefore, educating people on how to protect their digital assets, spreading awareness of safe online conduct, and encouraging these behaviours are essential steps in preventing crypto hacking. 

Cybercrime is still a significant concern as we negotiate the complicated world of cryptocurrency. Axie Infinity's Ronin Network and the hacker group Lazarus' suspected involvement in such breaches serve as a sobering warning of the vulnerability of digital assets. Although law enforcement authorities and cybersecurity companies are stepping up their efforts to prevent and track down these hackers, the reality is that due to the anonymity and decentralised nature of cryptocurrencies, these efforts are made more difficult. 

Though it is still in its infancy, insurance is beginning to show promise as a way to reduce the risk of loss from cybercrimes. Crypto insurance may provide some amount of defence against losses brought on by theft, hacking, and other cybersecurity breaches. However, it is a challenging task due to the volatile nature of crypto assets and the absence of comprehensive rules.

In the end, protecting digital assets depends on personal watchfulness, technological breakthroughs, legal frameworks, and international cooperation. The necessity for effective legal deterrents and strong cybersecurity safeguards will only become more pressing as we continue to learn more about cryptocurrency. In this fast-changing environment, the development of crypto insurance and other preventive measures will surely play a crucial role.
Read more »
North Korea Hackers
Bank fraud cyber attack Cyber Attacks Lazarus Heist Money heist North Korea Hackers

Inside the Lazarus Heist: Multi-Billion Dollar Theft in Two Hours

In 2018, a group of men in Maharashtra state of India was tricked into being unwitting participants in a major bank heist. The men, who believed they were being offered small roles in a Bollywood film, were in fact being used as money mules to collect cash in a fraudulent scheme. 

The target of the heist was Cosmos Co-operative Bank, which is based in Pune. On a quiet Saturday afternoon in August of that year, staff in the bank's head office began to receive a series of alarming messages from Visa, the US-based card payment company. 

Visa warned that it was detecting thousands of requests for large cash withdrawals from ATMs, all apparently made by people using Cosmos Bank cards. However, when the bank's staff checked their own systems, they could find no evidence of abnormal transactions. 

Despite this, about half an hour later, the bank's management decided to play it safe and authorized Visa to halt all transactions from Cosmos Bank cards. Unfortunately, this delay would ultimately prove extremely costly. 

The following day, Visa shared a full list of suspect transactions with the Cosmos head office. The bank was stunned to learn that around 12,000 separate withdrawals had been made from ATMs across the globe, totaling nearly $14m in losses. 

This incident serves as a stark reminder of the risks posed by cybercrime, and the importance of staying vigilant against fraudulent activity. Even seemingly minor delays or oversights can have devastating consequences, particularly when it comes to financial transactions. As such, it is essential that individuals and businesses alike remain vigilant and proactive in their efforts to protect themselves against cybercrime and fraud. 

Nevertheless, criminals pulled off a massive ATM heist in 28 countries including USA, UK, and Russia, within 2 hours and 13 minutes. The sophisticated operation was linked to a group of hackers who had carried out similar attacks, believed to be working on behalf of North Korea. 

Indian investigators were able to arrest 18 suspects after analyzing CCTV footage and mobile phone data from the areas near the ATMs. The suspects were recruited as extras for a Bollywood film but were unwittingly used as money mules in a massive bank heist. The investigators believe that North Korea was behind the operation. 

North Korea is one of the poorest nations in the world, yet a significant portion of its limited resources goes toward the building of nuclear weapons and ballistic missiles, an activity that is banned by the UN Security Council. However, the country now also makes headlines in advance cybercrimes. 

The Lazarus Group, an elite team of hackers believed to be directed by North Korea's Reconnaissance General Bureau, is accused by US authorities of stealing money from banks and financial institutions worldwide to fund the country's economy and weapons program. 

The group gained popularity in 2014 when accused by then-US President Barack Obama of hacking into Sony Pictures Entertainment's network in retaliation for a comedy film that portrayed the assassination of Kim Jong Un. 

Additionally, it has been accused of multiple cyber-attacks, including the attempted theft of $1bn from Bangladesh's central bank and the WannaCry ransomware attack. North Korea denies the group's existence, but law enforcement agencies say their hacks are increasingly advanced and ambitious. 

The group recently used a technique called "jackpotting" to steal money from Cosmos Bank, working with accomplices to create cloned ATM cards. British security firm BAE Systems identified the Lazarus Group as the culprit and described the heist's logistics as staggering. 

US tech security investigators believe the Lazarus Group found a facilitator called "Big Boss" on the dark web to help with the Cosmos Bank heist. "Big Boss" turned out to be Ghaleb Alaumary, a 36-year-old Canadian who was sentenced to 11 years, and eight months in prison for offenses including laundering funds from North Korean bank heists. 

North Korea repeatedly denies any involvement in the heist or other hacking schemes, but in February 2021, the US announced charges against three suspected Lazarus Group hackers believed to work for North Korea's military intelligence agency. 

North Korea is estimated to have up to 7,000 trained hackers, who are often sent overseas to work. A former North Korean diplomat revealed that these cyber-units operate from cramped dormitories around the world, with just a computer connected to the internet. 

Despite sanctions and demands to send North Korean workers home, the hackers remain active and are now targeting cryptocurrency companies, having already stolen close to $3.2 billion. US authorities have dubbed them "the world's leading bank robbers" who use keyboards instead of guns.
Read more »
ZachXBT
Binance cryptocurrency Cyber Crime Hacking Harmony Bridge Hack Huobi Lazarus Group North Korea Hackers Nuclear Programme Tornado Cash ZachXBT

Lazarus Moves More than $60 Million from Harmony Bridge Hack


North Korean state-owned threat actors Lazarus Group has stolen around 41,000 ETH or more than $60 million of Ethereum to the crypto exchanges Binance, Huobi and OKX. While Binance and Huobi both froze the funds, Binance declared that an asset of 124 BTC was also recovered in the process. 

According to internet sleuth ZachXBT, the funds were stolen from the Harmony blockchain bridge hack from last year, which led to a whopping $100 million crypto compromise. Apparently, the same hacker group utilized Tornado Cash, a now banned crypto mixer that conceals names of people involved in the transaction, in order to carry out the attack. 

As per the analysis, conducted by token movements, the ETH was routed through the anonymity system Railgun before being collected in wallets and sent to three significant crypto exchanges, possibly to be exchanged for fiat currency. 

“A very busy weekend” for Lazarus Group 

ZachXBT shared details of this week’s token movements on Twitter, claiming Lazarus Group has had “a very busy weekend” moving funds. 

In the follow-tweets, ZachXBT also linked to the website Chainabuse.com where he shared a list of approximately 350,000 unique wallet addresses that were involved in the Friday’s operation. 

Binance’s Say on the Issue 

On Monday, Binanace CEO Changpeng Zhao, better known as CZ too, commented on the situation. CZ claims that the hackers used Huobi, a competing exchange, rather than Binance this time as one of their exchanges. The hacker's accounts were subsequently frozen with Binance's assistance, he says. 

CZ also disclosed that 124 BTC ($2.6m) had been seized from the hackers, indicating at least some of their ETH has been converted to BTC. 

“We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered,” he wrote. 

Although, Huobi did not comment on the matter other than retweeting an article claiming that the exchange had frozen accounts containing money connected to the hack. 

According to a report from South Korea's National Intelligence Service from December of last year, North Korean hackers have stolen more than $1 billion in digital assets since 2017. 

Moreover, the report claims that around $626 million, or more than half of that estimated tally, was taken in 2022. It also stated that it is suspected that the North Korean government uses the money obtained from the theft to advance Pyongyang’s nuclear weapons program.  

Read more »
Subscribe to: Posts (Atom)