According to the Russian IT security company Group-IB, hackers of the Lazarus Group have managed to steal assets from crypto exchanges with a total value of 571 million US dollars since the beginning of 2017. The attacks are attributed to the North Korean government.
According to the annual report “Hi-Tech Crime Trends 2018” of the Moscow IT security company Group-IB, Lazarus is apparently the most successful hacker group when it comes to attacking crypto exchanges around the world to steal their digital assets. Since the beginning of last year, the hackers controlled by the North Korean government have allegedly stolen wallets of various cryptocurrencies worth a total of 571 million US dollars. That is the equivalent of around 495.43 million euros. The cyber criminals have their sights set on the online trading centres in South Korea and Japan. The report is not yet publicly available. However, the news portal TNW has already reported in advance that in 2017 and 2018 together, assets worth 882 million US dollars were stolen. The Lazarus Group is said to be responsible for the lion’s share of these virtual thefts.
Phishers stole 56 percent of all captured ICO wallets
Hackers in this sector mostly use traditional methods such as spear phishing, social engineering and malware. In spear phishing, the targets receive e-mails that look as if they came from a trusted source. In reality, the e-mails are used to lure the victims to fake (counterfeit) websites. There the target computers are infiltrated with the help of malware embedded in the pages and then completely taken over. Alternatively, the cybercriminals send infected PDF documents by e-mail to achieve this, Group-IB reports.
After taking over the PCs, the hackers try to search the company's entire network. They locate the computers and servers that hold the cryptocurrency wallet data. The perpetrators using phishing are said to be responsible for 56 percent of the stolen ICO assets. The report states that in the last year and a half about ten percent of all ICO wallets have been stolen. The phishing hackers are said to collect about one million US dollars a month. The targets, however, are not only the operators of crypto trading centres, but also an increasing number of people and companies that are involved in crypto mining. There is also a lot of money to be made there.
Particularly perfidious: social engineering
In so-called social engineering, the private and professional environment of an employee is researched in order to deceive them later. The messages of the perpetrator, who pretends to be someone the victim knows, are intended to create trust. The impersonated person (often a colleague or superior) then asks the victim to disclose passwords or other sensitive information. The hacker can maintain the deception until the victim thinks to reach the supposed contact through another channel (e.g. by telephone). In this case, the fraud is discovered immediately. Of course, social engineering is much more successful with trusting or authority-deferential targets than with skeptical people who are not afraid to make themselves unpopular with their superiors, e.g. by making such a verification call.