
Kaspersky Labs Detects New North Korean ‘Lazarus’ Telegram Attack

In what Kaspersky Labs has described as a follow-up to the Operation AppleJeus attack which took place in 2018, the infamous Lazarus hacking group (based in North Korea).

Kaspersky Labs claims to have “identified significant changes to the group’s attack methodology”.

“TO ATTACK MACOS USERS, THE LAZARUS GROUP HAS DEVELOPED HOMEMADE MACOS MALWARE, AND ADDED AN AUTHENTICATION MECHANISM TO DELIVER THE NEXT STAGE PAYLOAD VERY CAREFULLY, AS WELL AS LOADING THE NEXT-STAGE PAYLOAD WITHOUT TOUCHING THE DISK.

“IN ADDITION, TO ATTACK WINDOWS USERS, THEY HAVE ELABORATED A MULTI-STAGE INFECTION PROCEDURE, AND SIGNIFICANTLY CHANGED THE FINAL PAYLOAD.”

Kaspersky Labs, Press Release

Furthermore, the organisation also claims to have determined that the hacking group “has been more careful in its attacks following the release of Operation AppleJeus, and they have employed a number of methods to avoid being detected”.

Lazarus is stated to have set up several fake websites, in addition to a fraudulent Telegram group.

“WE WERE ABLE TO IDENTIFY SEVERAL VICTIMS IN THIS OPERATION APPLEJEUS SEQUEL.

“VICTIMS WERE RECORDED IN THE UK, POLAND, RUSSIA AND CHINA.

“MOREOVER, WE WERE ABLE TO CONFIRM THAT SEVERAL OF THE VICTIMS ARE LINKED TO CRYPTOCURRENCY BUSINESS ENTITIES.”

Kaspersky Labs, Press Release

The so-called successor to the 2018 ‘Operation AppleJeus’ attack marked the first time that the Lazarus group had targeted macOS (traditionally thought of as a much safer operating system compared to its rival Windows OS products).

Lazarus group is recorded to have invented a few “fake companies” to deliver its “manipulated application” and “exploit the high level of trust among potential victims”. It is described by Kaspersky as “one of the most active and prolific APT actors”.

These websites included:

  • Cyptian.com
  • Unioncrypto.vip
  • A Telegram account (for Cryptian)

“DURING OUR ONGOING TRACKING OF THIS CAMPAIGN, WE FOUND THAT ONE VICTIM WAS COMPROMISED BY WINDOWS APPLEJEUS MALWARE IN MARCH 2019.

“UNFORTUNATELY, WE COULDN’T IDENTIFY THE INITIAL INSTALLER, BUT WE ESTABLISHED THAT THE INFECTION STARTED FROM A MALICIOUS FILE NAMED WFCUPDATER.EXE

“AT THAT TIME, THE ACTOR USED A FAKE WEBSITE: WFCWALLET[.]COM”

Kaspersky Labs, Report

In North Korea-related news, the Boston Herald has relayed the results of a study published by the Pew Research Center (a nonprofit) which reveals that the USA is viewed favourably worldwide for its handling of the North Korea situation, namely tensions with the U.S. and U.S.-imposed sanctions.

“[THE USA IS] ENJOYING SUPPORT IN SEVERAL NATIONS, INCLUDING KEY ALLY ISRAEL.”

Boston Herald, article

The research (supposedly) concludes that “attitudes toward the country remain favorable, particularly in Central and Eastern European countries, but are less glowing among Western European nations such as Germany… The reviews came from 36,923 individuals in 33 countries surveyed between May 18 and Oct. 2, 2019”.

In a press release, Pew Research stated that:

“AS HAS BEEN THE CASE THROUGHOUT HIS PRESIDENCY, U.S. PRESIDENT DONALD TRUMP RECEIVES LARGELY NEGATIVE REVIEWS FROM PUBLICS AROUND THE WORLD…

ACROSS THE COUNTRIES SURVEYED BY THE PEW RESEARCH CENTER, A MEDIAN OF 64% SAY THEY DO NOT HAVE CONFIDENCE IN TRUMP TO DO THE RIGHT THING IN WORLD AFFAIRS, WHILE JUST 29% EXPRESS CONFIDENCE IN THE AMERICAN LEADER.”

Pew Research Limited