Researchers at Kaspersky Labs recently revealed that a North Korean hacker group, Lazarus, may be stealing crypto via Telegram.
North Korea – Lazarus group
North Korea exploits the dark side of crypto. Its hackers are said to steal digital currencies and use the proceeds to fund illegal activities. The Lazarus group has become particularly notorious for this.
According to a recent report published by security analysts at Kaspersky, the group now appears to be doubling its efforts to steal as much digital currency as possible. Kaspersky's new analysis also found evidence that the group is using methods that differ from those it relied on before.
The group is still stealing cryptocurrency, but it is doing so differently. "Its members use more effective tactics and take more cautious steps," the report warns. The group has probably been working recently on improving "its invisibility" while infecting systems and taking over digital coins.
Apparently, this is done with fileless malware that runs only in memory and writes nothing to the hard drive, which allows the attackers to stay undetected. In addition, the researchers believe that the group uses Telegram.
How does the attack take place?
Lazarus' new campaign is called "Operation AppleJeus Sequel" and is a continuation of the "AppleJeus" campaign discovered in 2018. One thing remains the same: the campaign continues to use fake cryptocurrency trading companies to lure investors.
These fake companies even have their own websites, with links to fake trading groups on Telegram through which the hackers deceive their future victims. They also use the Telegram application to distribute malware that infects the Windows operating system.
After infecting a system, the attackers can access it remotely and misappropriate the user's crypto. So far, experts have identified many victims across Europe, as well as in China. Moreover, many of the victims were not individuals but companies in the crypto market. However, it is still unknown how much the hackers managed to steal during the new campaign.