The North Korean Lazarus Group is targeting crypto funds by impersonating a cryptocurrency investment company.

Microsoft and the cybersecurity firm Volexity have detected the latest version of the AppleJeus malware and attributed it to the hackers behind the Ronin exploit and several other online thefts.

Microsoft's analysis of the attackers' plan

Microsoft stated that the threat actor has been identified as targeting cryptocurrency investment startups. The threat actor approaches its targets through Telegram chat groups. Microsoft found that the threat actor, tracked as DEV-0139, posed as a cryptocurrency investment company to gain the target's trust.

The threat actor's targeting style is very rare. It also created a fake profile posing as an OKX employee to join Telegram chat groups "used to facilitate communication between VIP clients and cryptocurrency exchange platforms," Microsoft said in a report on December 6.

Microsoft stated, “We are […] seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads.”

In October this year, the threat actor invited targets to different chat groups, asking for feedback on the fee structures of several cryptocurrency exchange platforms.

Microsoft's blog post says, "After gaining the target's trust, DEV-0139 then sent a weaponized Excel file with the name OKX Binance & Huobi VIP fee comparision.xls which contained several tables about fee structures among cryptocurrency exchange companies."

The document contains highly accurate data and shows a real awareness of how crypto trading works; its actual purpose is to silently load a malicious Dynamic Link Library (DLL) file that creates a backdoor into the user's system.
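The pattern described above, a document that a user opens in Excel which then loads a DLL from a user-writable location, leaves a trace in endpoint telemetry that a defender can alert on. The following is an added example, not code from the article, from Microsoft or from Volexity: a small heuristic run over constructed Sysmon-style events. The field names follow Sysmon Event ID 1 (ProcessCreate) and Event ID 7 (ImageLoad); the process lists, the user-writable path list, the sample file names and the sample events are all assumptions chosen for illustration, not indicators from the report.

```python
"""Added example: flag Office processes that load an unsigned DLL from a
user-writable directory, or that spawn a script/loader host.

Assumptions (not from the article): Sysmon-style field names for Event ID 1
(ProcessCreate) and Event ID 7 (ImageLoad); the host, child and path lists
below are illustrative; all sample events are constructed.
"""
import ntpath
import re

# Office hosts that open attacker-supplied documents.
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Script/loader hosts that an Office process has little legitimate reason to spawn.
SUSPICIOUS_CHILDREN = {
    "rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "powershell.exe", "cmd.exe", "certutil.exe",
}

# Locations a non-admin user can write to (assumed list). A payload dropped by
# a document lands somewhere like this, so a DLL loaded from here by an Office
# process deserves a look.
USER_WRITABLE = re.compile(
    r"^(?:c:\\users\\[^\\]+\\(?:appdata|downloads|desktop|documents)\\"
    r"|c:\\windows\\temp\\|c:\\programdata\\)",
    re.IGNORECASE,
)


def _name(path):
    """Lower-cased file name of a Windows path (ntpath works on any OS)."""
    return ntpath.basename(path).lower()


def check_event(event):
    """Return an alert dict for one event, or None if it looks benign."""
    if event.get("EventID") == 1:  # ProcessCreate
        parent = _name(event.get("ParentImage", ""))
        child = _name(event.get("Image", ""))
        if parent in OFFICE_HOSTS and child in SUSPICIOUS_CHILDREN:
            return {"rule": "office_spawns_loader",
                    "process": parent,
                    "detail": event.get("CommandLine", "")}
    elif event.get("EventID") == 7:  # ImageLoad
        host = _name(event.get("Image", ""))
        loaded = event.get("ImageLoaded", "")
        signed = str(event.get("Signed", "false")).lower() == "true"
        if (host in OFFICE_HOSTS and loaded.lower().endswith(".dll")
                and USER_WRITABLE.match(loaded) and not signed):
            return {"rule": "office_loads_unsigned_user_dll",
                    "process": host,
                    "detail": loaded}
    return None


def find_suspicious(events):
    """Run check_event over a sequence of events and collect the alerts."""
    return [alert for alert in map(check_event, events) if alert]


# Constructed sample telemetry: one benign DLL load, one benign child process,
# then two events matching the document-drops-and-loads-DLL pattern.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": EXCEL,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"EventID": 7, "Image": EXCEL,
     "ImageLoaded": r"C:\Users\analyst\AppData\Local\Temp\fee_helper.dll",
     "Signed": "false"},
    {"EventID": 1, "ParentImage": EXCEL,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\analyst\AppData\Local\Temp\fee_helper.dll,Start"},
]

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_EVENTS):
        print(alert["rule"], alert["process"], alert["detail"])
```

Both rules fire on the two constructed malicious events and stay quiet on the benign ones. In a real deployment the DLL-load rule needs an allow-list for legitimate add-ins installed under the user's profile, and the signature check should use the verification result rather than trusting the `Signed` field alone.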

During the discussion, the actor indirectly asked the target to open this file.

This attack style is known and has been used before. Microsoft stated that the threat actor is the same one observed in June using .dll files for the same purpose, and that it is linked to other previous incidents. According to Microsoft, DEV-0139 appears to be the same actor that the cybersecurity firm Volexity has tied to North Korea's state-sponsored Lazarus Group.
