North Korean Hackers Use New 'Durian' Malware for Crypto Attacks on South Korean Firms

Algoine News
Summary:
The North Korean hacking group Kimsuky has reportedly used a new malware named "Durian" in its cyber attacks on South Korean cryptocurrency firms. The new malware exploits legitimate security software used by these firms. Its advanced functionality enables the execution of remote commands, additional file downloads, and exfiltration of files. Kaspersky's threat report suggests a potential connection between Kimsuky and the notorious Lazarus Group, known for stealing crypto assets. Lazarus Group is accused of laundering over $200 million in stolen crypto between 2020 and 2023, and stealing over $3 billion in crypto assets over six years.
Hackers from North Korea are using a newly identified malware strain known as "Durian" to mount attacks on South Korean cryptocurrency businesses.

Kimsuky, the North Korean hacking group, used the new malware in a series of attacks on at least two cryptocurrency firms, according to a threat report published by cybersecurity firm Kaspersky on May 9. The attackers exploited legitimate security software used exclusively by South Korean cryptocurrency firms as part of a persistent attack.

Durian operates as an installer that deploys a continuous stream of malware, including a backdoor known as "AppleSeed", a custom proxy tool called LazyLoad, and legitimate tools such as Chrome Remote Desktop. According to Kaspersky, Durian's extensive backdoor functionality allows the execution of delivered commands, additional file downloads, and the exfiltration of files.

The security firm further noted that LazyLoad was also used by Andariel, a sub-group of the infamous North Korean hacking syndicate Lazarus Group. This indicates a tenuous link between Kimsuky and the notorious hacking syndicate.

Lazarus Group, first established in 2009, has built a reputation as one of the most prominent cryptocurrency hacking groups. On April 29, independent blockchain investigator ZachXBT revealed that Lazarus Group successfully laundered over $200 million in stolen crypto between 2020 and 2023.

Overall, Lazarus Group is purported to have stolen more than $3 billion in cryptocurrency assets in the six years leading up to 2023. Just over $309 million, more than 17% of total funds stolen in 2023, was attributed to thefts by Lazarus. Throughout 2023, more than $1.8 billion in crypto was lost to hacks and exploits, according to a report by Immunefi published on Dec. 28.

Published At

5/13/2024 5:20:57 AM

Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
