The North Korean hacking group Lazarus continues to improve its malware in its effort to steal cryptocurrency from individuals and organizations alike.
Ever since its discovery in 2018, the AppleJeus campaign’s goal has been to steal cryptocurrency from both individuals and organizations.
The group's new initiative, dubbed Operation AppleJeus Sequel, follows in its predecessor's footsteps, albeit with some alterations.
The hackers still use fake cryptocurrency-trading firms as a front, but this time they approach victims through messenger apps such as Telegram, posting links to groups on the app that are then used to deliver a payload which infects the victim's operating system. Once the infection is complete, the attackers can look around inside the system and steal any cryptocurrency they find.
So far, several victims have been identified, including organizations across Europe and China, though none has been named publicly. The campaign has been carefully set up to avoid detection: initial access to a system is used only to gather information about it and decide whether it is worth robbing, and the final payload is delivered only to those targets deemed suitable for the hackers' goal.
It's no secret that the Pyongyang-backed group steals cryptocurrency to fill the North's treasury little by little, but researchers cannot say with certainty how much the operation has stolen so far. A United Nations report estimated that North Korean attacks against banks and cryptocurrency exchanges have netted more than $2 billion.