Reports have surfaced indicating that North Korean hackers have deployed a new malware variant, named "Durian," in targeted attacks on South Korean cryptocurrency firms.
The hacking group Kimsuky reportedly used Durian in a series of attacks against at least two cryptocurrency companies, as detailed in a May 9 threat report by cybersecurity firm Kaspersky.
Durian: Unveiling the Advanced Tactics of Cyber Threats in Crypto
These attacks relied on a persistent strategy that exploited legitimate security software commonly used by crypto firms in South Korea. Durian, previously unknown, operates as an installer: it deploys a range of malware, including the "AppleSeed" backdoor and the custom proxy tool "LazyLoad," alongside legitimate utilities such as Chrome Remote Desktop.
Unveiling Durian: A Deceptive Backdoor Threat in Cryptocurrency Security
Durian also includes comprehensive backdoor functionality: according to Kaspersky's findings, it can execute received commands, download additional files, and exfiltrate files from the compromised host.
LazyLoad Unveiled: Tracing Links Between Kimsuky and Lazarus Group
Kaspersky's report highlights that LazyLoad has also been used by Andariel, a sub-group within the notorious North Korean hacking consortium Lazarus Group. This shared tooling suggests a potential link between Kimsuky and the more infamous group.
Unmasking Lazarus Group: A Decade of Cryptocurrency Cybercrime
Lazarus Group, active since 2009, has earned notoriety for its involvement in crypto-related cybercrime. Independent investigations have found that the group laundered over $200 million in illicit cryptocurrency between 2020 and 2023. In total, Lazarus Group stands accused of stealing over $3 billion in crypto assets over the six-year period leading up to 2023.
The Rise of Lazarus Group: A Persistent Threat in the Crypto Landscape
In 2023 alone, Lazarus Group was responsible for over 17% of the total funds stolen in crypto hacks, roughly $309 million. This underscores the ongoing threat posed by sophisticated hacking groups like Lazarus in an environment where crypto-related hacks and exploits remain prevalent.
The emergence of Durian shows how the tactics employed by these groups continue to evolve, and it calls for heightened vigilance and robust security measures across the cryptocurrency ecosystem.