"Our confidence is very high that this is the work of people associated with the Lazarus Group, because they had to have source code access," Thakur said in an interview.

But he added: "We don't think that this is an operation run by a nation-state."

One was a variant of software used to wipe disks during the Sony Pictures attack, while another tool used the same internet addresses as two other pieces of malware linked to Lazarus.

At the same time, flaws in the WannaCry code, its wide spread, and its demands for payment in the electronic bitcoin before files are decrypted suggest that the hackers were not working for North Korean government objectives in this case, said Vikram Thakur, Symantec's security response technical director. In a blog post, Symantec listed numerous links between Lazarus and software the group had left behind after launching an earlier, less virulent, version of the malware in February.

By custom, Symantec does not attribute cyber campaigns directly to governments, but its researchers did not dispute the common belief that Lazarus works for North Korea. Lazarus is the name many security companies have given to the hacking group behind the Sony attack and others. On Monday, it called earlier reports that it might have been behind the WannaCry attack "a dirty and despicable smear campaign." North Korea has routinely denied any such role. The US government and private companies have accused North Korea in the 2014 Sony attack. In addition, the same Internet connection was used to install an early version of WannaCry on two computers and to communicate with a tool that destroyed files at Sony Pictures Entertainment.
Symantec researchers said they had found multiple instances of code that had been used both in the North Korea-linked group's previous activity and in early versions of WannaCry.

The US Treasury Department sanctioned the group in 2019, publicly tying them to North Korea's Reconnaissance General Bureau and attributing their operations to funding the country's nuclear weapons programme. The Lazarus Group is well-known for exploiting zero-day vulnerabilities, distributing malware, and participating in theft, espionage, and disruption. The group distributed bogus job offers to engineers and performed technological attacks such as Distributed Denial-of-Service and brute forcing, attempting multiple passwords until they obtained access. Lazarus used identical strategies in its six-month campaign against cryptocurrency payments company CoinsPaid, which resulted in a $37 million robbery in July.

The organization misled victims into compromising their security, allowing them to exploit weaknesses in their systems and steal critical information by using social engineering and phishing techniques. They duped employees by publishing job postings on platforms such as LinkedIn and encouraging applicants to download a PDF file containing a malicious executable file. In 2019, Lazarus targeted European and Middle Eastern military and aerospace companies as part of Operation In(ter)ception. Among these are the $100 million Harmony's Horizon bridge hack in 2022, the $35 million Atomic Wallet hack this year, the recent $54 million CoinEx exchange hack, the $41 million heist from crypto casino Stake and more.

A surprising point is that these cybercriminals leverage professional networking platform LinkedIn for their social engineering and phishing attacks.
The Lazarus Group of North Korean hackers allegedly stole over $3.4 billion in cryptocurrencies in a series of heists dating back to 2007.

North Korea's Lazarus Group Used Social Engineering For Hacking Attacks

North Korean Lazarus Group Used LinkedIn and Social Engineering To Steal $3.4B