The hacking group is also believed to be responsible for the Sony Pictures hack in 2014 and the WannaCry ransomware attacks in 2017.
Kaspersky, the noted malware research company, reported that Lazarus had launched a new ransomware. This new ransomware, called VHD, has been primarily used to go after companies in the economic sector by targeting their internal networks.
The Kaspersky analysts came to the conclusion that Lazarus is behind VHD because the backdoor used in the hacking attack was an instance of a multi-platform framework called MATA. The researchers note that Lazarus is reportedly the sole owner of the MATA framework.
The cryptocurrency of choice for Lazarus for their ransomware attacks is Monero (XMR).
Cybersecurity firm Cyfirma warned in June that the North Korea-linked hacking group was gearing up to launch a massive phishing campaign. The campaign reportedly will target over five million individuals and businesses in Japan, South Korea, Singapore, the United States, India, and the United Kingdom.
One possible motive suggested for this malware campaign is the relief funds people are receiving for the ongoing COVID-19 pandemic.
The UN Security Council issued a report last year detailing how the government of North Korea is using hackers to bypass international sanctions and raise money for the Pyongyang regime. Overall, the country has stolen over US$2 billion [AUS$2.77 billion] over the last few years. The country’s weapons of mass destruction program has been a major recipient of such stolen funds.
Chainalysis notes that Lazarus became more advanced in their techniques in 2019. The cybersecurity firm notes that the hacking group used more sophisticated phishing ploys, employed faster liquidations of stolen cryptocurrency, and increased its use of mixers and CoinJoin wallets.
In its 2019 report on hacks against cryptocurrency exchanges, Chainalysis said, “Lazarus’ growing sophistication and speed in laundering stolen cryptocurrency puts more pressure on intelligence agencies and exchanges alike to move quickly when cyber criminals attack exchanges.”
As for the new VHD ransomware from Lazarus, Kaspersky’s Securelist concluded, “We can only speculate about the reason why they are now running solo ops: maybe they find it difficult to interact with the cybercrime underworld, or maybe they felt they could no longer afford to share their profits with third parties.”