Lazarus Hacker Group Adopts New Methods, Continues Targeting Crypto
Alleged North Korea-sponsored cybercrime group Lazarus is still targeting cryptocurrencies and adopting new tactics, according to a new report from cybersecurity and anti-virus company Kaspersky Lab published on March 26.
The report reveals that the allegedly state-sponsored hacker group Lazarus has been running a new operation since last November, in which the group uses PowerShell to manage and control Windows and macOS malware.
The Lazarus team has reportedly developed custom PowerShell scripts that communicate with malicious command-and-control (C2) servers and execute commands from the operator. The C2 server scripts, in turn, are given names that disguise them as WordPress files and files from other open source projects.
Out of 14 separate exchange breaches, five were attributed to the group, among them the industry record-breaking $532 million NEM hack of Japan's Coincheck.