• Sat. Nov 23rd, 2024

Crypto Firms on the Radar of Northern Korean Hackers with Their ‘Durian’ Malware

John Wise

ByJohn Wise

May 28, 2024

The North Korean cyber unit known as Kimsuky, which is associated with the state, is said to have recently launched an attack on at least two Bitcoin businesses in South Korea, during which it allegedly revealed a new variant of malware.

This most recent maneuver highlights the continued attempts that the gang is making to exploit vulnerabilities inside the digital currency sector to potentially improve their financial situation.

North Korean Hackers Target South Korean Crypto Firms with ‘Durian’ Malware

A recent report from the cybersecurity company Kaspersky says that North Korean hackers are attacking South Korean cryptocurrency firms with a powerful new type of malware called “Durian.”

At least two of these companies have been hit by attacks that are thought to be from the well-known hacking group Kimsuky. As part of Kimsuky’s plan, he is persistent and uses legal security software that is only used by crypto businesses in South Korea.

This strategy shows how skilled the group is at taking advantage of weaknesses in the cryptocurrency business. The group’s use of Durian is a big step up in their arsenal and shows they are still a threat to the digital asset environment.

Durian Malware’s Advanced Backdoor Capabilities

Kaspersky’s research shows that the newly found Durian malware works as an installer, making it easy for different malicious tools to be put in place all the time. “AppleSeed,” known as a backdoor, and “LazyLoad,” a custom proxy tool, are two of these.

In addition, Durian uses harmless software, like Chrome Remote Desktop, to further its unlawful goals. Durian has a strong backdoor that lets attackers run commands, download more files, and stealthily get private data.

This many-purpose feature shows how complex the malware is and how smart the threat actors’ methods are, which makes cybersecurity defenses very hard to keep up.

Impact on Crypto Landscape

The fact that Kimsuky and the infamous Lazarus Group both use the LazyLoad tool suggests a possible link between the two groups, according to Kaspersky. Lazarus is a well-known North Korean hacking group that has become notorious since its formation in 2009, especially for the crypto-related attacks it has carried out.

ZachXBT, a blockchain analyst, recently said that Lazarus may have laundered over $200 million in Bitcoin from 2020 to 2023. People say that Lazarus stole more than $3 billion in crypto assets over the six years before 2023.

Lazarus is said to have run away with more than 17 percent of all the stolen money in 2023, which is about $309 million. This shows how big of an effect the group has had on the crypto environment.

John Wise

John Wise

John Wise is a seasoned fintech analyst and writer with over a decade of experience in the field. With a Master’s degree in Computer Science from MIT, he specializes in simplifying complex financial technologies for a broad audience. At FinTech Service Reviews, John provides insightful and thorough reviews, helping readers navigate the evolving landscape of financial technology with ease.

Leave a Reply

Your email address will not be published. Required fields are marked *