Internet hackers have pilfered $882 million of digital currency from crypto exchanges since last year, but one group in particular has netted roughly half that amount: in a report based on an analysis of 14 different attacks, Group-IB noted that a North Korean hacking group, Lazarus, has taken $571 million, The Next Web reported.
In general, hackers turn to methods such as social engineering, malware and spear phishing to target digital currency exchanges. The most popular attack vector against corporate networks is spear phishing, which the scammers use to deliver malware. “After the local network is successfully compromised, the hackers browse the local network to find workstations and servers … working with private cryptocurrency wallets,” a summary of the upcoming report said.
The group also noted that it expects digital currency exchange attacks to increase across the board – not just those by Lazarus. In addition, groups that typically attack banks may decide to target crypto exchanges because they realize those heists can be fruitful.
In August, information security firm Kaspersky Lab revealed the latest cybersecurity issue on its Securelist blog: The company said that Lazarus is tricking unsuspecting users into downloading cryptocurrency-related software laced with malware.
“Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyber espionage and cyber sabotage, the attacker has been targeting banks and other financial companies around the globe,” the company wrote. “Over the last few months, Lazarus has successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and FinTech companies.”
Kaspersky recently discovered the hack while investigating a crypto exchange that Lazarus had attacked with the help of a trojanized cryptocurrency trading application. The update had been sent to the company via email, and an unwitting employee downloaded it from a legitimate-looking website. The employee's computer was then infected with malware known as FallChill, an old tool that Lazarus is now using again. Computers infected with FallChill can immediately be controlled remotely.