The hermit kingdom, currently reeling under the economic instability brought on by the coronavirus pandemic, has unleashed its elite unit of hackers, known as Hidden Cobra aka the Lazarus Group, to spread new highly sophisticated malware and steal cryptocurrencies like Bitcoin.
Kim Jong Un, who previously used Hidden Cobra, more popularly known by the moniker Lazarus Group, to carry out the infamous global WannaCry ransomware attack, has once again deputized the hackers to carry out another wave of cryptocurrency attacks.
The new attack was launched on the three-year anniversary of the WannaCry ransomware attack that affected over 200,000 victims and infected more than 300,000 computers.
North Korea has now released three new variants of malware that are highly sophisticated and capable of remote reconnaissance and exfiltration of sensitive information from target systems, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) said in a joint statement issued on May 12.
The Lazarus Group, which stole close to $571m of cryptocurrency from five Asian exchanges between January 2017 and September 2018, has now released three new malware variants called Copperhedge, TaintedScribe, and Pebbledash.
According to the Department of Homeland Security, DPRK uses hackers, cryptologists, and software developers to develop and deploy a wide range of malware tools around the world to raise revenue illicitly.
North Korea has been accused of carrying out cyber-enabled financial theft and money laundering, besides executing extortion campaigns against third-country entities by compromising an entity's network and threatening to shut it down unless the entity pays a ransom.
The DPRK has also used cryptojacking, a scheme to compromise a victim machine and steal its computing resources to mine digital currency. In one incident, investigators found the malware was depositing the data to servers located in the DPRK, including at Kim Il Sung University in Pyongyang.
New highly sophisticated Trojan malware
Even though US Homeland Security has been able to expose the new malware, the threat is far from over. According to CISA, there has been an increase in ransomware attacks carried out by the DPRK.
The three new malware variants are in fact an addition to a long list of close to 25 malware samples, including BISTROMATH, SLICKSHOES, HOPLIGHT, and ELECTRICFISH, that have been deployed by Hidden Cobra aka the Lazarus Group.
Coronavirus in North Korea
There are reports that the coronavirus has wreaked havoc in North Korea and that the supreme leader is concerned about the food shortage in the country. The recent inauguration of the fertilizer factory was a step in this direction: to ensure food safety in the country, as it is facing a severe shortage.
Despite North Korea's claims, it is now believed that the country is severely affected by the COVID-19 outbreak, which has also severely crippled the economy, forcing Pyongyang to increase its global cybercrime activities.