Lazarus Group, the hacking group with supposed ties to the North Korean goverment, is now being linked to the attacks carried out on South Korean cryptocurrency exchanges and their users last year. Previously, Lazarus has been the centre of attention for hacking Sony Pictures Entertainment, and was recently publicly blamed for the global WannaCry ransomware attack. Researchers from Recorded Future, an Internet tech company, have noticed similarities between the attacks carried out by Lazarus and the recent attack on South Korean cryptocurrency exchanges.
“This late 2017 campaign is a continuation of North Korea’s interest in cryptocurrency, which we now know encompasses a broad range of activities including mining, ransomware, and outright theft,” the report claims.
Similar code used in previous alleged Lazarus operations
Back in 2014, Sony Pictures suffered a data breach, in which a group of hackers took off with confidential data, which was later leaked. It included the personal information of employees and their family members. The group also threatened terrorist attacks if Sony premiered its controversial film ‘The Interview’, a comedy about assassinating the North Korean leader. The attack is believed to be sponsored by North Korea, based on evidence found after investigating the software and techniques used. North Korea, however, has denied responsibility.
The group is also believed to be behind the WannaCry ransomware attack, which caused havoc all over the world in May 2017. North Korea has denied involvement in that attack as well.
However, Recorded Future has found similarities in the malware used in those two attacks and the attacks on cryptocurrency exchanges and their users late last year, which suggests that Lazarus group is behind the attacks. However, the report does not say how successful the attacks were.
North Korean believed to be trying to deal with imposed economic sanctions
It is believed that North Korea is trying to steal cryptocurrency in order to deal with the economic sanctions imposed on the country.
“We believe that this targeting is a continuation of North Korea’s attempts to use cryptocurrency as a means of circumventing sanctions and controls imposed by the international financial system,” Priscilla Moriuchi, director of strategic threat development at Recorded Future, told CNBC.
The report also mentions that not only South Korean cryptocurrency exchanges could become victims. With South Korea trying to impose stricter regulations on cryptocurrency, Lazarus may turn to other countries.
“As South Korean exchanges harden their networks and the government imposes stricter regulatory controls on cryptocurrencies, exchanges and users in other countries should be aware of the increased threat level from North Korean actors.”