Cryptocurrency businesses still being targeted by Lazarus

2019-03-26, Kaspersky
https://securelist.com/cryptocurrency-businesses-still-being-targeted-by-lazarus/90019/
#Cryptocurrency

Contents

It’s hardly news to anyone who follows cyberthreat intelligence that the Lazarus APT group targets financial entities, especially cryptocurrency exchanges. Financial gain remains one of the main goals for Lazarus, with its tactics, techniques, and procedures constantly evolving to avoid detection.
In the middle of 2018, we published our Operation Applejeus research, which highlighted Lazarus’s focus on cryptocurrency exchanges utilizing a fake company with a backdoored product aimed at cryptocurrency businesses. One of the key findings was the group’s new ability to target macOS. Since then Lazarus has been busy expanding its operations for the platform.
Further tracking of their activities targeting the financial sector enabled us to discover a new operation, active since at least November 2018, which utilizes PowerShell to control Windows systems and macOS malware for Apple users.
Lazarus is a well-organized group, something that can be seen from their malware population: not only have we seen them build redundancy …

IoC
