Lazarus Group: Responsible for the Largest Cyber Attacks

The Lazarus Group is one of the top cyber threat groups around the globe in today’s time. Always in the headlines, they carry out hacking campaigns worldwide. The group is made up of an unknown number of individuals from North Korea. They have been given different names by cybersecurity organizations including “Hidden Cobra” (given by United States Intelligence Community), and “Zinc” (by Microsoft). It usually targets cryptocurrency firms by sending these financial organizations phishing messages via LinkedIn.

Cybersecurity analysts and researchers have recently detected events that have revealed that the Lazarus group is broadening the spectrum of its malicious campaign. The group has taken to Microsoft-owned LinkedIn to send phishing messages to the victims’ personal LinkedIn accounts. This is aimed to trick their victims into disclosing their e-wallet credentials. Using these credentials, hackers can easily access the victims’ online bank accounts and cryptocurrency wallets and withdraw money from them.

Researchers and security professionals have concluded that the Lazarus group has been continuing its malicious activities for years and this time their campaigns are more money-driven than information-driven. This has increased the necessity of becoming more aware and informed about social engineering attack vectors, especially for organizations that operate within the targeted verticals and financial sectors.

Does Lazarus Group pose a threat?

The Lazarus Group holds quite a superior position among hackers. They rob banks and hack cryptocurrency firms’ databases to fill their coffers. This strange group of scammers is behind some of the most successful and dangerous cyber attacks in recent years. It is high on the list of threats to national security, according to both the UK’s National Cyber Security Centre (NCSC), the NSA, and the FBI.

Researchers found out how the Lazarus group was successful in evading detection and identification. The hackers disabled the Windows Defender monitoring protocol in all of the victims’ operating systems. However, despite the implementation of methods for avoiding identification, several commands executed through cmd.exe provided security professionals with the opportunity for detecting them. 

A Brief History of Lazarus Group Attacks

The Hidden Cobra (Lazarus Group) group of cybercriminals started their malicious activities back in 2009. The group was involved in the infamous WannaCry cyber attack that took place in 2017 and was also linked to several cyber attacks dated back in history such as the Swift bank attacks. 

In 2014, Sony Pictures Entertainment was hacked by a group of hackers popularly named “Guardians of Peace” who leaked confidential information of employees working in the organization. Researchers discovered that the Lazarus group was directly or indirectly involved in perpetrating the attack. 

Lazarus Group is rapidly evolving with its tactics from using Trickbot operators to implementing macOS spyware on applications. Recently, the group has taken to MATA (Multi-platform Targeted Malware Framework) to target Windows, macOS, and Linux operating systems.

Lazarus Group Recent Cyber Attack Campaign

Attackers belonging to the infamous Lazarus Group target the system administrator belonging to a cryptocurrency firm. They craft phishing messages with fraudulent documents and send them to the administrator’s personal LinkedIn accounts. These documents mimic a tempting offer. For instance, an advertisement for a job role in a blockchain technology company that perfectly matched the profile of the victim. Naturally, this creates curiosity and tricks a user into clicking on the fraudulent documents, ensuring a successful phishing attack. 

These hackers have grown sophisticated. In 2021, they stole approximately $400 million! However, their target for 2022 is even bigger and they have already overtaken that figure. Some of the major attacks they have carried out in 2022 are:

• Blockchain-based decentralised finance (DeFi) platform BadgerDAO lost $120 million in crypto tokens in January 2022. An attack on the platform caused several crypto wallets to be drained until the platform was able to stop it. 
• The blockchain platform Ronin is behind the famous non-fungible token (NFT) game Axie Infinity. In March, the U.S. blamed the Lazarus group for the crypto breach of $625 million, possessed by developer group Sky Mavis. This attack was done in two transactions. 
• They stole as much as $100 million from a U.S. company. The crypto assets were stolen on June 23 from Horizon Bridge, a service operated by the Harmony blockchain that permits assets to be transferred to other blockchains.

Solutions for Evading Similar Attacks

As a CISO or CIO in a cryptocurrency firm, it is imperative to implement a well-rounded workplace security policy that includes an advanced cybersecurity awareness and training program.

Employees in an organization are usually the weakest link and the most frequent reason for data breaches. Due to being ill-informed and unaware of the attack vectors and social engineering methods implemented by hackers, employees easily fall prey to cyber attacks.

According to a 2020 survey, security analysts worldwide have concluded that more than 70% of all data breaches are a result of poor cyber awareness among employees.

There are multiple cybersecurity products in the market, and TSAT from Threatcop is one program that helps by simulating sophisticated replicas of real-life cyber attacks on your employees. An unlimited number of attacks can be simulated to increase security awareness.

After which the training process is initiated by imparting knowledge about various types of attack vectors through awareness content giving detailed insight on them, visual presentations on attack identification, as well as video lectures and advisories on the same.

Regular cumulative assessments are taken to ensure improvements and to initiate a better response against attacks. Such a program delivers detailed analysis of simulation reports on the dashboard to track results and provides information on progress made via assessments and knowledge imparting sessions taken by employees.

This is not the time to sit idle but to solidify and strengthen the cybersecurity infrastructure in your organization, so that hacker groups like Lazarus can’t get through your defenses.