Cybersecurity Firm Kaspersky Warns of New Ransomware Devised by Notorious North Korean Ransomware Group

Shine Li | Jul 29, 2020 04:00 | 3 Min Read

Multinational cybersecurity provider Kaspersky has announced that the notorious North Korean crypto criminal group Lazarus is planning on releasing a new ransomware strain.

Kaspersky Investigates 

The new threat, dubbed VHD, is designed to target the internal networks of companies in the economic sector. As for why the group has resorted to working in solo operations, Kaspersky researchers offered their hypothesis:

“We can only speculate about the reason why they are now running solo ops: maybe they find it difficult to interact with the cybercrime underworld, or maybe they felt they could no longer afford to share their profits with third parties.”

Phishing For Crypto And Sensitive Data 

The infamous North Korean ransomware group Lazarus has been reported to have multiple tricks up its sleeve. In fact, according to cybersecurity firm Cyfirma, Lazarus is preparing a huge phishing campaign that is meant to target at least 6 nations and over 5 million businesses and individual investors.

The report of the scheme was released in June. For the time being, there are no signs of the campaign unfolding, as it appears that the group has not yet deployed the mass phishing operation.

However, as the hacking group has kept its digital heists going in 2020, Cyfirma thought it best to warn major companies so they could take preventive measures.

Lazarus’ Notoriety Precedes Them 

In the past, the North Korean ransomware group operating as “Lazarus” has made quite an impression on cybersecurity firms, having accumulated over $571 million in stolen cryptocurrencies since 2017. The Lazarus group is notorious for hitting cryptocurrency exchanges and has kept up its practice of ransoming victims for cryptocurrency amid the coronavirus pandemic.

2019 Digital Heist 

Last year, as reported by Chainalysis, Lazarus pulled off a digital heist that amounted to $7 million in various cryptocurrencies.  

The group targeted DragonEx, a Singapore-based cryptocurrency exchange. To pull off the theft, Lazarus created a fake trading-bot website and offered the software to DragonEx employees.

The North Korean criminal organization used a sophisticated phishing attack in which a real website and its associated social media accounts were linked to a fake company called “WFC Proof.” The non-existent company was said to have created Worldbit-bot, a trading robot that was then offered to DragonEx employees.

Finally, the malware was installed on a computer that held the private key of the DragonEx hot wallet, which enabled the North Korea-based group to steal cryptocurrency from the Singapore exchange.

Lazarus Group: Anonymous or Not?

Lazarus’ malicious cyberattacks date all the way back to 2017. Though the cybersecurity community has not managed to fully stop the hacking group, identities associated with the North Korean hacking ring have been uncovered.

Earlier this year, two Chinese citizens, Tian Yinyin and Li Jiadong, were identified by the US Treasury for their connection with the Lazarus group. They were sanctioned in March by US authorities for their alleged involvement in laundering cryptocurrency stolen in a 2018 cyberattack against a cryptocurrency exchange.

While blockchain, the underlying technology of cryptocurrencies, is still promoted as cryptographically secure, the exchanges that hold those assets remain prone to cyberattacks, just as traditional markets are not immune to heists and money-laundering schemes.

Korea: Training Military or Cybercriminals?

Preventing financial theft has been an ongoing issue for a very long time.

With a series of money-related attacks leading to a UN investigation last year, a hypothesis circulating in law enforcement circles is that the Democratic People’s Republic of Korea (DPRK) may be heavily involved in coordinating cyberattacks, as it has reportedly been training cybercriminals to steal funds from financial institutions and launder them.


Image source: Shutterstock