Lazarus is a cybercrime group that is allegedly sponsored by North Korea. According to a report on March 26 from Kaspersky Lab, a popular anti-virus company, Lazarus is adopting new techniques to continue to target cryptocurrencies.
Lazarus’ new tactics rely on PowerShell, which the group uses to control and manage its macOS and Windows malware. The PowerShell scripts communicate with malicious command-and-control (C2) servers and execute commands issued by the operator.
Previous reports state that Lazarus was responsible for the theft of an estimated $571 million of the $882 million worth of cryptocurrency stolen from online exchanges from 2017 to 2018, which makes the group allegedly responsible for 65 percent of the total amount. Of 14 breaches, five were confirmed to have been carried out by Lazarus. One of these was the $532-million hack of Coincheck, one of Japan’s most popular exchanges.
In early March, Cointelegraph also received reports that North Korea had obtained $670 million in cryptocurrencies and fiat currency through hacking. The funds were reportedly taken from financial institutions that North Korea hacked from 2015 to 2018.