A North Korean hacking group called Lazarus has stolen cryptocurrencies worth $571 million. The Next Web, citing findings from the annual report of software and hardware developing company Group-IB, stated that the hacking group was behind 14 cyber-attacks on cryptocurrency exchanges since January 2017.
Reports also stated that the hackers targeted cryptocurrency exchanges with spear phishing, using malware and social engineering. The firm's findings showed that "Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam [with an attachment] that has a malware embedded in the document."
Group-IB believes that the number of targeted attacks on cryptocurrency exchanges could rise, and not just those from Lazarus. Almost 10 percent of the total funds accumulated by Initial Coin Offering (ICO) platforms over the past year and a half have been stolen. However, the reports also claimed that large hacking groups are capable of stealing $1 million worth of property in a month.
"Fraudulent phishing-schemes involving crypto-brands will only get more complex as well as cybercriminals' level of preparation for phishing attacks," the group said.
Many cybercrime researchers have claimed that North Korea-based advanced persistent threat (APT) organizations are mostly attacking financial institutions and Bitcoin exchanges. A recent report from global cybersecurity firm McAfee has shown that coin miner malware grew 629 per cent to 2.9 million in the first quarter of 2018 from around 400,000 total known samples in Q4 of last year.
The Lazarus group has started a highly sophisticated Bitcoin-stealing phishing campaign, HaoBao, which particularly targeted global financial organisations and Bitcoin users. After the recipient opens the malicious email attachments, an implant would start to scan for Bitcoin activity and then establish an implant for constant data gathering and crypto mining.