Silent Push Pivots into New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks
Key Findings
- Silent Push analysts have managed to acquire sensitive infrastructure used by the Lazarus Advanced Persistent Threat (APT) Group.*
- We discovered the Lazarus APT Group registered the domain bybit-assessment[.]com a few hours before the historic $1.4 billion Bybit crypto heist. This domain is connected to the email address trevorgreer9312@gmail[.]com, used in previous Lazarus attacks.
- The name “Lazaro” was identified in the logs as part of a test entry that the threat actors created, which appears to allude to the Lazarus Group.
- Our team discovered 27 unique Astrill VPN IP addresses in the logs linked to test records created by Lazarus members while configuring their setup, further confirming they heavily favor this VPN.
- Fake job interviews continue to be used to lure victims on LinkedIn to download malware.
*Note: Full details will soon …
IoC
http://quickinterview360.com
http://api.nvidia-release.org
http://198.23.241.254
http://70.36.99.82
http://91.222.173.30
http://70.32.3.15
http://easyinterview360.com
http://104.223.97.2
http://107.172.242.4
http://38.75.137.213
http://camtechdrivers.com
http://screenquestion.com
http://104.223.98.2
http://talentview360.com
http://github.com/trevor9312
http://hiringinterview.org
http://Bybit-assessment.com
http://189.1.170.50
http://Blockchainjobhub.com
http://nvidia-release.org
http://70.39.103.3
http://66.118.255.35
http://70.39.70.194
http://camdriversupport.com
http://204.188.233.66
http://45.86.208.162
http://208.115.228.234
http://199.115.99.34
http://209.127.117.234
http://talentsnaptest.com
http://91.239.130.102
http://23.106.161.1
http://willoassessment.com
http://wilio-talent.net
http://quickhire360.com
http://skillmasteryhub.org
http://107.174.131.204
http://willorecruit.com
http://talentcompetency.com
http://194.33.45.162
http://bybit-assessment.com
http://blockchainjobhub.com
http://77.247.126.189
http://74.222.14.83
http://38.170.181.10
http://199.188.200.35
http://23.106.169.120
http://gethirednow.org
http://jobinterview360.com
http://skill-share.org
http://23.83.129.1
http://155.94.255.2
http://38.32.68.195
38.75.137.213
70.32.3.15
107.174.131.204
77.247.126.189
104.223.98.2
199.115.99.34
45.86.208.162
204.188.233.66
70.39.70.194
104.223.97.2
70.36.99.82
155.94.255.2
23.106.161.1
66.118.255.35
74.222.14.83
70.39.103.3
199.188.200.35
208.115.228.234
23.83.129.1
189.1.170.50
23.106.169.120
209.127.117.234
38.32.68.195
107.172.242.4
91.222.173.30
38.170.181.10
194.33.45.162
91.239.130.102
198.23.241.254
[email protected]
[email protected]
[email protected]