DPRK-aligned Threat Actor Wages Global Hacking Campaign

ASIA BLOCKCHAIN REVIEW

September 2, 2020

According to this press release from F-Secure, a DPRK-aligned threat actor was waging a global hacking campaign to target the cryptocurrency vertical.

F-Secure published a report linking an attack against an organization working in the cryptocurrency vertical to Lazarus Group – a highly-skilled, financially-motivated threat actor whose interests reportedly align with the Democratic People’s Republic of Korea (DPRK).

By connecting evidence obtained from the attack with existing research, the report concludes the incident was part of a Lazarus Group campaign targeting organizations in the cryptocurrency vertical in the United States, the United Kingdom, the Netherlands, Germany, Singapore, Japan, and other countries.

The tactical intelligence report provides an analysis of samples, logs, and other technical artifacts recovered by F-Secure during an incident response investigation at an organization working in the cryptocurrency vertical.

According to the report, the malicious implants used in the attack were nearly identical to tools reportedly used previously by Lazarus Group – also known as APT38. This is business as usual for the DPRK in the greater scheme of things.

The report identifies the Tactics, Techniques, and Procedures (TTPs) used during the attack, such as spear-phishing via a service (in this case, using LinkedIn to send a fake job offer tailored to the recipient’s profile).

According to F-Secure Director of Detection and Response, Matt Lawrence, the research provides a solid foundation for the report’s actionable security advice.

“Our research, which included insights from our incident response, managed detection and response, and tactical defense units, found that this attack bears a number of similarities with known Lazarus Group activity, so we’re confident they were behind the incident,” said Lawrence.

“The evidence also suggests this is part of an ongoing campaign targeting organizations in over a dozen countries, which makes the attribution important. Companies can use the report to familiarize themselves with this incident, the TTPs, and Lazarus Group in general, to help protect themselves from future attacks.”

Based on phishing artifacts recovered from Lazarus Group’s attack, F-Secure’s researchers were able to link the incident to a wider, ongoing campaign that’s been running since at least January 2018.

According to the report, similar artifacts have been used in campaigns in at least 14 countries: the United States, China, the United Kingdom, Canada, Germany, Russia, South Korea, Argentina, Singapore, Hong Kong, the Netherlands, Estonia, Japan, and the Philippines.

Lazarus Group invested significant effort to evade the target organization’s defenses during the attack, such as by disabling anti-virus software on the compromised hosts, and removing evidence of their malicious implants.

And while the report describes the attack as sophisticated, it points out Lazarus Group’s efforts to hide their presence were not enough to prevent F-Secure’s investigation from recovering evidence of their activities.

The report, Lazarus Group Campaign Targeting the Cryptocurrency Vertical, contains more information for defenders, including indicators of compromise, a list of TTPs used in the attack, and additional advice for detecting Lazarus Group activity. It is now available on F-Secure Labs.

Source: F-Secure
