Notorious hacking group Lazarus is said to be increasing its efforts to steal cryptocurrency from traders and industry professionals.
Cybersecurity experts, as cited in the Daily NK on Monday, said the group – widely believed to be sponsored by the government of the Democratic People's Republic of Korea – is making a concerted effort to target South Korean crypto holders amid the coronavirus pandemic. It's also looking further afield and launching attacks in other nations such as the U.S.
ESTsecurity, a cybersecurity firm, warned Lazarus has been increasingly launching what are called adaptive persistent threats (APTs) – prolonged and targeted cyberattacks, whereby an intruder seeks to gain access to a network while remaining undetected.
The firm detailed in a press release that one way hackers gain access to a network or exchange account is by sending emails with malicious attachments, claiming to be from legitimate services or entities. The hackers disguised some of these attachments as "blockchain software development contracts" and enticed victims to open them.
"When it comes to attacking foreign institutions and companies, Lazarus is consistent in conducting attacks by email disguised as a job offer or job description," ESTsecurity said in a statement.
"As such, the organization has been attacking cryptocurrency traders in Korea until recently," the firm added.
Lazarus is best known in the crypto world for making off with $571 million in stolen funds in 2018 from various exchanges located around South Korea and Asia.
Pressure from economic sanctions against North Korea has increased by the United Nations, the European Union and the U.S. over nuclear arms and military concerns against the backdrop of fresh coronavirus cases being reported on the peninsula.
The increased attempts of theft in cryptocurrencies come as fresh news reports of a potential "second wave" in South Korea on Monday. There have been 34 new cases of the deadly virus, its highest daily number in a month as reported by Seven News Australia.
Figures remain unclear in highly secretive North Korea. However, the total number of cases in the south has reached over 10,900, with 256 deaths in total, according to Worldometer, a COVID-19 tracking website.
Amid the outbreak, ESTsecurity said a "spoofing request for cooperation regarding the outbreak of the [COVID-19] virus ... which was discovered on April 1, also revealed that domestic Bitcoin trading officials were partially included in the target."
The group has also been targeting U.S. relations and diplomatic security, as well as aerospace companies and more, the firm said.
In March, the U.S. Treasury Department's Office of Foreign Asset Control added 20 new Bitcoin addresses associated with two individuals to its list of sanctioned individuals. The two were said to be associated with Lazarus.
The group has been accused of having stolen over $500 million in cryptocurrency since 2018. A United Nations Security Council expert panel has also accused the state of carrying out hacks of both fiat currencies and crypto in order to bypass economic sanctions.