Home News Kaspersky Lab exposes malicious operation by Lazarus group

Kaspersky Lab exposes malicious operation by Lazarus group


Kaspersky Lab recently uncovered AppleJeus, a malicious operation by North Korea’s cyber-hacking outfit ‘Lazarus Group’ to intrude on cryptocurrency exchanges and applications.

According to an official report, Kaspersky Lab’s Global Research and Analysis Team (GReAT) discovered the unusual activity of attackers who penetrated into the network of an Asia-based cryptocurrency exchange using Trojanized trading software to steal cryptocurrencies.

Vitaly Kamlut, the head of GReAT, stated that the cryptocurrency exchange did not encounter any financial losses during the incident.

“We noticed a growing interest of the Lazarus group in cryptocurrency markets at the beginning of 2017 when Monero mining software was installed on one of their servers by a Lazarus operator. Since then, they have been spotted several times targeting cryptocurrency exchanges alongside regular financial organizations. The fact that they developed malware to infect macOS users in addition to Windows users and even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future. For macOS users, this case is a wakeup call, especially if they use their Macs to perform operations with cryptocurrencies.” Vitaly added.

The security team at Kaspersky stated that the incident occurred after an employee downloaded a cryptocurrency application from a look-a-like website of a company which is dedicated to crypto trading. The malicious update installs a Trojan known as Fallchill that provides the hackers unlimited access to the compromised computer network system, allowing them to steal sensitive information or to deploy other viruses for exploitation.

Through the years, the scandalous Lazarus Group was linked to a series of cyber-attacks. One of the most brazen attacks occurred in February 2016 when hackers tried to steal $101 million from a Bangladesh Central Bank account at the New York Federal Reserve and move it to Sri Lanka. Only a spelling error caused the banks to realize they were under attack.