Media Alert - Secureworks Discovers North Korean Cyber Threat Group Lazarus Spearphishing Financial Executives of Cryptocurrency Companies

2017-12-15, SecureWorks
https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing
#NickelAcademy

In November 2017, Secureworks Counter Threat Unit™ (CTU) researchers discovered the North Korean cyber threat group, known as Lazarus Group and internally tracked as NICKEL ACADEMY by Secureworks, had launched a malicious spearphishing campaign using the lure of a job opening for the CFO role at a European-based cryptocurrency company. CTU researchers assess this as the continuation of activity first observed in 2016, and it is likely that the campaign is ongoing. This latest round of phishing appears to have been delivered around 25 October 2017.

Additionally, the CTU researchers have uncovered evidence of North Korea’s interest in bitcoin since at least 2013, when multiple usernames originating from a North Korean IP address were taking part in bitcoin research. At that time, the North Koreans were using proxies to mask their originating IP address, but occasionally those proxies failed and revealed the North Korean actors’ true originating IP, which was the …