A group of hackers connected with the North Korean program have kept their crypto extortion efforts alive in 2020.

A group of North Korean hackers operating under the name “Lazarus” targeted a number of crypto exchanges in 2015, according to a report released by Chainalysis.

One of the attacks involved the development of a phony trading bot, which was used to target workers of the DragonEx exchange. Findings reveal that in March 2019, the hackers stole roughly $7 million in various cryptocurrencies from the Singapore-based exchange.

Cybersecurity vendor Cyfirma warned in June about a large crypto phishing campaign that might be launched by the North Korean hacker group.

The campaign will reportedly target 6 countries and over 5 million services and people. For now, there are no confirmed indications that the group plans to go ahead with this large attack.

Authorities sanction partners

The hacker group is also understood to have stolen an incredible $571 million in cryptocurrencies since early 2017, according to a study conducted by cybercrime company Group-IB.

In March, the U.S. Department of the Treasury’s Office of Foreign Assets Control, or OFAC, sanctioned 2 Chinese nationals accused of laundering cryptocurrency that was stolen in a 2018 crypto exchange hack.

New ransomware emerges

On July 28, a study carried out by the anti-virus maker and malware laboratory Kaspersky revealed that a new ransomware had been created by Lazarus. This new threat, known as VHD, primarily targets the internal networks of businesses in the financial sector.

James McQuiggan, security awareness supporter at KnowBe4, explained to Cointelegraph how the VHD ransomware operates:

“A VHD, or Virtual Hard Disk, is a comparable idea to that of a USB drive. Instead of physically placing the USB drive into the port on a computer system, the VHD file can be downloaded onto a system to introduce the ransomware attack procedure. For cybercriminals, they do not require physical access, simply electronic access to download the file. This kind of attack needs access to the systems. By making use of external and susceptible facilities or systems, they get the access required.”

Group running solo ops

Kaspersky researchers speculated on the possible reasons behind Lazarus running solo ops:

“We can only speculate about the reason why they are now running solo ops: maybe they find it difficult to interact with the cybercrime underworld, or maybe they felt they could no longer afford to share their profits with third parties.”

Lazarus normally breaches a business’s network to encrypt its data. The group then proceeds to ask victims for a crypto-based ransom, with a preference for Monero (XMR).