

State-sponsored groups are generally focused on espionage and disruption. “The Lazarus Group is a sophisticated, state-sponsored APT group with a long history of successful destructive, disruptive, and costly attacks on worldwide targets.” The research paper published by the experts details a new implant dubbed PowerRatankba, a PowerShell-based malware variant that closely resembles the original Ratankba implant.

Experts also documented a new and emerging threat dubbed RatankbaPOS that targets point-of-sale systems. The arsenal of the Lazarus APT group includes sophisticated custom-made malware, DDoS botnets, and wiper malware. The timing is perfect: the hackers are intensifying their operations around the Christmas shopping season. Lazarus is believed to be the first nation-state attacker to target a point-of-sale system using a framework to steal payment card data. Security researchers discovered that the North Korean Lazarus APT group was behind recent attacks on banks, including the Bangladesh cyber heist.

According to security experts, the group was behind other large-scale cyber espionage campaigns against targets worldwide, including the Troy Operation, the DarkSeoul Operation, and the Sony Pictures hack. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed at destroying data and disrupting systems.

The activity of the Lazarus Group surged in 20; its members used mostly custom-tailored malware in their attacks, and experts who investigated the crew consider it highly sophisticated. The Lazarus APT group has increasingly focused on financially motivated attacks in an attempt to exploit the media interest in the skyrocketing prices of cryptocurrencies. “Victims of interest are then infected with additional malware including Gh0st RAT to steal credentials for cryptocurrency wallets and exchanges, enabling the Lazarus Group to conduct lucrative operations stealing Bitcoin and other cryptocurrencies.” “Proofpoint researchers have uncovered a number of multistage attacks that use cryptocurrency-related lures to infect victims with sophisticated backdoors and reconnaissance malware that we attribute to the Lazarus Group,” reads the analysis published by Proofpoint.
The malicious code aims to steal credentials for cryptocurrency wallets and exchanges, but there is much more. The North Korea-linked hackers launched several multistage attacks that use cryptocurrency-related lures to infect victims with malware. Researchers at security firm Proofpoint collected evidence of the significant interest of the Lazarus APT group in cryptocurrencies; the group’s arsenal of tools, implants, and exploits is extensive and under constant development.
