According to recent reports, the infamous hacking organization, Lazarus Group, is stepping up its efforts to steal cryptocurrencies.
The group with alleged involvement with the North Korean government is using the current global economic difficulties prompted by the COVID-19 pandemic to increase its profits from cybercrime activities.
The notorious hacking group has been primarily focused on cyber heists involving digital assets, according to a recent report. More specifically, people who have previously purchased cryptocurrencies, and those who operate in the field could become targets.
“The APT (adaptive persistent threats) hacking group Lazarus, which is allegedly sponsored by a certain government, is increasing engaging in cybercrime activities in and out of South Korea,” reads the report.
When executing some of the attacks, the group utilizes malicious emails that mention companies providing electronic payment services and cryptocurrency-related firms. Those files, which sometimes are disguised as blockchain development contracts, induce the victims into opening them.
In another attempt to dupe people, the group is employing an attack named ‘spear phishing.” The scammer obtains detailed information on the targets and later uses their own interests to bait them.
Per the report, stealing cryptocurrencies could result in significant profits for North Korea. The country has been entirely isolated from the rest of the world following the closure of the Sino-North Korean border after the COVID-19 outbreak.
In some of the latest international cybercrime activities, the Lazarus Group has been “engaging in cyber-espionage operations as well as activities designed to generate foreign currency.” Such attacks are typically initiated against countries like the US.
A United Nations report from 2019 noted that North Korea had amassed upwards of $670 million worth of Bitcoin and other cryptocurrencies through hacking. It mentioned that the Lazarus Group was responsible for most of the amount.
UN’s paper also said that digital assets “provide the Democratic People’s Republic of Korea with more ways to evade sanctions, given that they are harder to trace, can be laundered many times, and are independent of government regulation.”
Earlier this year, the US Department of Justice indicted two Chinese nationals for allegedly laundering around $100m in cryptocurrencies on behalf of the North Korean hackers’ group.
However, more recent research compiled by the blockchain surveillance company, Chainanalysis, outlined that cybercriminal activities linked to the organization have even increased lately.
The firm highlighted that the Lazarus Group is working with an alleged anonymity host provider from Switzerland. Named Black Host, he claims to offer anonymous email services, VPNs, and even SIM cards while accepting digital asset payments for its services.
“Blockchain analysis suggests bullet-proof hosting provider Black Host receive Bitcoin from an address linked to Lazarus Group exchange hack.”