Lazarus Hacking group, which rose to prominence as the ones behind major cyber attacks involving the WannaCry ransomware outbreak, an $80 mln Bangladesh cyber bank heist and 2014's Sony Pictures hack is said to be resurfacing.
This time, however, after issuing ransoms in Bitcoin, the alleged North Korean-linked group is aiming to steal Bitcoin and also lay pathways for future reconnaissance into major banks.
There have been noticeable phishing campaigns which aim to input malware on the systems of global financial organizations as well as Bitcoin users.
Noted by McAfee
The alert was rung by McAfee Advanced Threat Research (ATR) analysts which dubbed the campaign HaoBao.
This sophisticated malware attack targets victims who, when they open malicious documents attached to the emails, the malware scans for Bitcoin activity and then establishes an implant for long-term data-gathering.
It was spotted in mid-January when researchers discovered a malicious document being distributed via a Dropbox link, which claimed to be a job advert.
When opened, the prompt encourages the user to 'enable content' to see a document they're told was created with an earlier version of Word.
This is a ploy to trick the victim into enabling Visual Basic macros and allow the attackers to begin the process of implanting malware.
Lack of regulation
Ryan Sherstobitoff, senior analyst of major campaigns at McAfee, told ZDNet that Lazarus could be targeting Bitcoin users because of the lack of regulations and the difficulty in enforcing sanctions.
Lazarus has shifted to heavy targeting of cryptocurrency due to the lack of solid regulations. Additionally, sanctions are harder to enforce with cryptocurrency than hard currency,
Valeria Blokhina
Tomiwabold Olajide
Gamza Khanzadaev
