North Korean hackers from Lazarus

Endy Callahan

Security expert Dinesh Devadoss spotted dangerous software for macOS on the unioncrypto.vip website. It advertises a "smart platform for arbitrage of cryptographic currencies".

Harmful and dangerous code

The UnionCryptoTrader application includes a postinstall script that installs vip.unioncrypto.plist. The file does not have a digital signature, and the OS warns the user when it is opened.

The malicious script establishes a connection with a remote command server, which supplies a payload that is then executed on the computer. UnionCryptoTrader collects critical hardware information, namely the OS type and the serial number of the product.

The unioncryptoupdater file is hidden from the default view, and it runs every time the OS is rebooted.
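
As an added example (not code from the original article or from the sample itself), here is one way a defender could check job files for the two traits described above: a job that starts at load and points at a hidden executable. It assumes the plist is a launchd job definition and that "hidden" means a dot-prefixed path component; the plist contents, paths and labels below are constructed.

```python
import plistlib
from pathlib import PurePosixPath

# Constructed launchd job definitions; paths and labels are invented for the demo.
SAMPLE_JOBS = {
    "vip.unioncrypto.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>vip.unioncrypto.example</string>
  <key>ProgramArguments</key>
  <array><string>/Library/Example/.unioncryptoupdater</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    "com.example.backup.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.backup</string>
  <key>Program</key><string>/usr/local/bin/backup-agent</string>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>""",
}

def job_program(job):
    """Return the executable a launchd job starts, or None if it names none."""
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None

def audit_job(raw):
    """List the traits of one job file that match the behaviour described."""
    try:
        job = plistlib.loads(raw)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unparseable plist"]
    findings = []
    program = job_program(job)
    # Assumption: a dot-prefixed path component means the file is hidden.
    if program and any(p.startswith(".") for p in PurePosixPath(program).parts):
        findings.append("hidden program path")
    if job.get("RunAtLoad") is True:
        findings.append("runs at load")
    return findings

def suspicious_jobs(jobs):
    """Names of jobs that both start at load and launch a hidden executable."""
    wanted = {"hidden program path", "runs at load"}
    return sorted(n for n, raw in jobs.items() if wanted <= set(audit_job(raw)))
```

On a Mac, the same functions can be fed the bytes of each file under /Library/LaunchDaemons and /Library/LaunchAgents.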

The level of threat detection is extremely low, which complicates forensic analysis. VirusTotal reports that to date only 5 antivirus programs have marked this code as malicious.

Many experts draw parallels between UnionCryptoTrader and the AppleJeus attack that took place last year. All this suggests that the software was developed by the North Korean group Lazarus. In the article "The complete truth about blockchain security" you can read about the features of distributed ledger technology.

North Korea develops blockchain; the state organized a conference on cryptocurrency

It was reported that the DPRK intends to organize a conference dedicated to cryptographic currencies and blockchain technology. The event is expected to take place over two days. Experts from dozens of countries will attend the meeting with representatives of North Korean enterprises.

A cybersecurity specialist, who wanted to remain anonymous, said that with the help of a large-scale event, the DPRK intends to show the world its capabilities in the field of cryptographic currencies and blockchain in general.

Kaspersky Lab commented on the malicious code released by the Lazarus Group criminal syndicate. The group is supported by the North Korean government. The application affects different operating systems and serves to steal digital money. The researchers noted that hackers from North Korea launched the AppleJeus campaign, which used the Fallchill Trojan. Malicious code was detected in the information systems of a cryptocurrency trading platform from Asia.

The group is believed to have attacked South Korea's largest exchange, Bithumb. During the attack, they managed to steal personal information from over 30 thousand users. A number of experts note that North Korea is also involved in hacking other trading platforms.

North Korea may be linked to the hacking of the Japanese crypto exchange Coincheck

The South Korean National Intelligence Agency has initiated an investigation into the likely involvement of hackers from North Korea in the hacking of the Coincheck platform. The attackers caused $533 million in damage in NEM coins.

Intelligence officials believe that the attack on the trading platform shows features that are present in the operations of hackers from North Korea. Investigators believe the attack on Coincheck has a link to the Youbit hack. That South Korean crypto exchange lost about 17% of its assets, after which it initiated bankruptcy proceedings.

To date, South Korean intelligence has no conclusive evidence that North Korea was involved in the Coincheck attack. This version is considered the main one. According to the representative of South Korea, Pyongyang has begun to expand its methods of illegally mining cryptographic currencies: North Korea is credited with spreading mining viruses. After infiltrating users' computers, the code starts mining Monero.

UN accuses hackers from North Korea of attacking bitcoin exchange to circumvent sanctions

According to the UN Security Council report, North Korea has carried out attacks on major cryptographic exchanges. The goal is to obtain foreign currency and use it to reduce the effect of economic sanctions.

Restrictions aimed at countering North Korea's nuclear missile programs have negatively affected coal supplies. As a result, the inflow of foreign currency to the state has significantly decreased.

Experts note that due to cryptocurrencies that are mined by hackers, the ruling regime of North Korea will be able to successfully circumvent the restrictions. The authors of the report are convinced that money can be laundered through digital assets, and state regulation does not apply to such assets.

The researchers found that during the year, attackers carried out at least 5 successful attacks on Asian crypto exchanges. As a result, the latter recorded losses of $571 million.

Experts advised UN member states to more effectively "exchange data on cyber attacks from the DPRK's position with other governments and financial institutions" to identify and prevent such actions.

According to Group-IB, during the year, hackers broke into almost a dozen crypto-exchanges, and the damage from their activities amounted to 882 million dollars.

North Korean hackers are suspected of attacking many cryptocurrency exchanges. Losses from their activities are estimated in the hundreds of millions of dollars. The world-famous antivirus maker Kaspersky Lab also came to this conclusion. Trading platforms such as Coincheck, Bithumb, and others could have suffered at the hands of North Korea's Lazarus. Keeping this in mind, always take precautions and do not keep large amounts in exchange wallets. This will avoid losses if another attack by North Korean hackers is successful.