Caution for macOS Users: North Korean Hackers Active and Threatening

North Korean Hackers Use Discord to Target Crypto Engineers

In a recent discovery, Elastic Security Labs has uncovered a sophisticated cyber intrusion by North Korean hackers associated with the Lazarus group. The attack, known as REF7001, involved the use of a new macOS malware called Kandykorn, specifically designed to target blockchain engineers working on cryptocurrency exchange platforms.

Unique Distribution Method

What makes this attack stand out is its distribution method. The attackers distributed the malware through a private message on a public Discord server, which is not typical for macOS intrusions. The victim believed they were installing an arbitrage bot, a tool for profiting from cryptocurrency rate differences between platforms.

Sophisticated Malware Tactics

After installation, the Kandykorn malware opens a channel to its command-and-control server, encrypting the traffic with RC4 and using a distinct handshake to set the session up. Rather than actively polling for commands, it waits passively for the operator to send them, which keeps its network footprint low and lets the hackers control the compromised systems discreetly.
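The RC4-encrypted channel described above is what an analyst has to unwrap when reviewing captured traffic. The following is an added illustration, not Kandykorn's code and not from Elastic: it implements RC4 (key scheduling plus keystream generation), checks it against the standard "Key"/"Plaintext" test vector, and then decodes a constructed capture using a made-up key and a made-up length-prefixed framing. The real sample's key and handshake layout are not given on this page; the `SAMPLE_KEY`, `build_sample_capture` and `decode_c2_message` names are assumptions made for the example.

```python
"""Added example: RC4 keystream generation and decryption of a constructed
C2 blob, from the analyst's side. Key, framing and sample bytes are
constructed for illustration and are NOT the real malware's."""


def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes: key-scheduling (KSA) then PRGA."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S using the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                               # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher: XOR with the keystream both encrypts and decrypts,
    so recovering the key from a sample is enough to read its traffic."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def rc4_test_vector_ok() -> bool:
    """Standard published RC4 vector: key "Key", plaintext "Plaintext"."""
    return rc4_crypt(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"


# Constructed key for the example; NOT the key used by the real malware.
SAMPLE_KEY = b"example-key-not-real"


def build_sample_capture(command: str, key: bytes = SAMPLE_KEY) -> bytes:
    """Construct a 'captured' C2 blob: 4-byte big-endian length + ASCII command,
    RC4-encrypted. This framing is an assumption for the example."""
    body = command.encode("ascii")
    return rc4_crypt(key, len(body).to_bytes(4, "big") + body)


def decode_c2_message(key: bytes, ciphertext: bytes) -> dict:
    """Decrypt a captured blob and parse the constructed framing.
    A wrong key almost always produces an implausible length, which is
    the analyst's first sanity check that the recovered key is right."""
    plain = rc4_crypt(key, ciphertext)
    if len(plain) < 4:
        raise ValueError("truncated message")
    length = int.from_bytes(plain[:4], "big")
    body = plain[4:4 + length]
    if len(body) != length:
        raise ValueError("length mismatch: wrong key or wrong framing")
    return {"length": length, "command": body.decode("ascii", errors="replace")}


if __name__ == "__main__":
    assert rc4_test_vector_ok()
    cap = build_sample_capture("ping")
    print(cap.hex())
    print(decode_c2_message(SAMPLE_KEY, cap))
```

The test-vector check matters in practice: a hand-rolled RC4 with a swapped index or a missing `& 0xFF` produces garbage that looks like a wrong key, so an analyst should confirm the primitive before concluding that a recovered key is incorrect.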

Links to Lazarus Group

Elastic Security Labs has uncovered evidence linking this attack to the Lazarus Group in North Korea. The techniques used, the network infrastructure, the certificates used to sign the malicious software, and the custom methods for detecting Lazarus Group activity all overlap with earlier Lazarus operations. On-chain transactions have also revealed connections between security breaches at various cryptocurrency platforms.

Importance of Cybersecurity Measures

This revelation emphasizes the need for robust cybersecurity measures to protect against sophisticated threats like those employed by the Lazarus Group. It serves as a reminder that even seemingly legitimate software can be used as an entry point for hackers.

Hot Take: North Korean Hackers Exploit Discord to Target Crypto Engineers

A recent cyber intrusion by North Korean hackers associated with the Lazarus group has revealed their use of a new macOS malware called Kandykorn. This attack specifically targets blockchain engineers working on cryptocurrency exchange platforms. The unique distribution method through Discord private messages highlights the hackers’ evolving tactics.

Elastic Security Labs has provided insights into the sophisticated techniques employed by the Lazarus Group, showcasing their proficiency in file upload and download, process manipulation, and execution of system commands. The connections between security breaches at various cryptocurrency platforms further solidify the group’s involvement.

This discovery underscores the importance of robust cybersecurity measures to protect against such threats and serves as a reminder that even trusted software can be exploited by malicious actors.
