Cryptocurrency industry on fire


F-Secure reports: North Korean hackers have launched a global attack campaign against the cryptocurrency industry. Although the professional attackers tried to cover their tracks, F-Secure was able to reconstruct a global campaign by the so-called Lazarus Group.

The cybersecurity specialists at F-Secure have published a report in which they attribute a targeted attack on a company in the cryptocurrency industry to the Lazarus Group. The group, which is believed to have close ties to the Democratic People's Republic of Korea (DPRK), is known for its highly professional approach and for pursuing purely financial goals. By combining the information and patterns obtained from the attack with existing research, F-Secure concludes in the report that the investigated incident is part of a global campaign by the Lazarus Group. The campaign targets companies in the cryptocurrency industry in the United States, Great Britain, the Netherlands, Germany, Singapore, Japan and other countries.

Report reveals Lazarus group

The report analyzes the logs and other technical artifacts that F-Secure was able to secure during the forensic investigation of an attack on a cryptocurrency organization. F-Secure's security experts found that the attack methods are almost identical to the practices previously used by the Lazarus Group, also known as APT38.

The report also includes details of the Tactics, Techniques, and Procedures (TTPs) used during the attack. For example, the attackers used spear phishing that abused trusted third-party services: in this specific case, a fake job offer tailored to the recipient's profile was sent via the LinkedIn platform.

Similar attacks in at least 14 countries

On the basis of phishing artifacts recovered after the attack by the Lazarus Group, the researchers at F-Secure were able to link the incident to an extensive campaign that had been running since January 2018. According to the report, similar artifacts were found in attacks in at least 14 countries: the United States, China, the United Kingdom, Canada, Germany, Russia, South Korea, Argentina, Singapore, Hong Kong, the Netherlands, Estonia, Japan, and the Philippines.

The Lazarus Group went to great lengths to bypass the affected company's defenses during the attack. For example, it disabled anti-virus software on the compromised hosts and removed evidence of its activities that it had left behind. Although the report characterizes the attack as highly professional, it also notes that the Lazarus Group's subsequent efforts to cover its tracks were inadequate: numerous overlooked and unremoved traces ultimately gave F-Secure clear evidence of the attackers' activities.

Incident Response, Managed Detection & Response and Tactical Defense Team

"The attack was investigated by experienced specialists from our Incident Response, Managed Detection & Response and Tactical Defense teams. It turned out that this attack had a number of similarities with known activities of the Lazarus group. We believe they were responsible for this attack," said Matt Lawrence, director of detection and response at F-Secure. Companies can now use the report to familiarize themselves with this specific cyberattack, the TTPs and the Lazarus Group in general. In addition, the report gives direct security recommendations for protecting against attacks by the group.

More on this at F-Secure.com
Via F-Secure

Nobody has better insight into real cyberattacks than F-Secure. We bridge the gap between detection and response. To do this, we leverage the unmatched threat expertise of hundreds of the best technical advisors in our industry, data from millions of devices running our award-winning software, and ongoing innovation in artificial intelligence. Leading banks, airlines and corporations trust our commitment to fighting the world's most dangerous cyber threats. Together with our network of top channel partners and over 200 service providers, our mission is to provide all of our customers with tailored, enterprise-grade cybersecurity. F-Secure was founded in 1988 and is listed on NASDAQ OMX Helsinki Ltd.