Lazarus, a hacking group associated with North Korea, is increasing its cyberattacks on cryptocurrency exchanges and other institutions this year.
The hacking group is also believed to be responsible for the Sony Pictures hack in 2014 and the WannaCry ransomware attacks in 2017.
New ransomware for 2020
Kaspersky, the noted malware research company, reported that Lazarus had deployed a new ransomware family. The ransomware, called VHD, has so far been used mainly against companies in the economic sector, targeting their internal networks.
Kaspersky's analysts attributed VHD to Lazarus because the backdoor used in the attack was an instance of MATA, a multi-platform malware framework. The researchers note that Lazarus is reportedly the sole owner of the MATA framework.
Lazarus's cryptocurrency of choice for its ransomware payments is Monero (XMR).
Cybersecurity firm Cyfirma warned in June that the North Korea-linked group was preparing a large phishing campaign. The campaign reportedly targets more than five million individuals and businesses in Japan, South Korea, Singapore, the United States, India, and the United Kingdom.
The suggested hook for the campaign is the relief funds people are receiving during the ongoing COVID-19 pandemic.
North Korea using hacking to gain badly needed funds
The UN Security Council issued a report last year detailing how the North Korean government uses hackers to bypass international sanctions and raise money for the Pyongyang regime. In total, the country has stolen over US$2 billion (AUS$2.77 billion) over the past few years, and its weapons of mass destruction programs have been a major recipient of the stolen funds.
Chainalysis notes that Lazarus's techniques became more advanced in 2019: the group used more sophisticated phishing lures, liquidated stolen cryptocurrency faster, and made greater use of mixers and CoinJoin wallets.
In its 2019 report on hacks against cryptocurrency exchanges, Chainalysis said, “Lazarus’ growing sophistication and speed in laundering stolen cryptocurrency puts more pressure on intelligence agencies and exchanges alike to move quickly when cyber criminals attack exchanges.”
As for the new VHD ransomware from Lazarus, Kaspersky’s Securelist concluded, “We can only speculate about the reason why they are now running solo ops: maybe they find it difficult to interact with the cybercrime underworld, or maybe they felt they could no longer afford to share their profits with third parties.”