Kimsuky hacking group targets South Korean crypto firms with new malware — report
Kaspersky uncovers a potential link between Kimsuky and the notorious Lazarus Group.
Kimsuky, a North Korean hacking group, has reportedly been utilizing a new malware variant called “Durian” to launch targeted attacks on South Korean crypto firms.
The incident is described in a recently published threat intelligence report from Kaspersky. According to Kaspersky’s research, the malware was deployed by exploiting security software used by South Korean crypto firms, and at least two victim firms have been identified.
“Based on our telemetry, we pinpointed two victims within the South Korean cryptocurrency sector. The first compromise occurred in August 2023, followed by a second in November 2023. Notably, our investigation did not uncover any additional victims during these instances, indicating a highly focused targeting approach by the actor,” the report stated.
Durian is an “initial-stage” installer: it drops additional malware and establishes a persistence mechanism on the compromised host. Once executed, it generates a stage loader and registers that loader with the operating system so it runs automatically. Installation ends with a final payload written in Golang (Go), an open-source programming language developed by Google.
The final payload accepts remote commands that instruct the compromised device to download and exfiltrate files. The choice of language is also notable: Go is well suited to networked tooling and large codebases.
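A practitioner reading the two paragraphs above will want a way to turn them into a hunt: enumerate whatever has been registered for automatic execution and single out targets that are Go-compiled binaries, then pull the Go build ID as a pivot for clustering samples. The script below is an added example written for this article; it is not Kaspersky’s tooling and not Durian’s code, and it assumes the persistence inventory (registry Run keys, startup folder, scheduled tasks) has already been collected by another tool. The `PersistenceEntry` type, the `triage` function and the sample entries are constructed for the demonstration; the Go markers it looks for (the buildinfo magic, the linker’s build ID note, runtime symbol names) are ones the Go toolchain really leaves in binaries it builds.

```python
"""Persistence triage: flag Go-compiled executables among autorun entries.

Added example for this article, not Kaspersky's tooling or Durian's code.
It assumes a persistence inventory of (location, path, file bytes) records
collected by some other tool; the inventory below is constructed inline.
"""
import re
from dataclasses import dataclass

# Markers the Go toolchain leaves in binaries it builds:
#  - the buildinfo header magic (Go 1.13+, start of the .go.buildinfo blob)
#  - the linker's build ID note
#  - runtime symbol names that survive unless the symbol table is stripped
GO_BUILDINFO_MAGIC = b"\xff Go buildinf:"
GO_BUILD_ID_RE = re.compile(rb'Go build ID: "([0-9A-Za-z_/\-=]+)"')
GO_RUNTIME_SYMBOLS = (b"runtime.main", b"runtime.goexit", b"runtime.gopanic")


@dataclass
class PersistenceEntry:          # hypothetical record type for this example
    location: str   # e.g. registry Run key, scheduled task, startup folder
    path: str       # executable the entry launches
    data: bytes     # contents of that executable


def is_go_binary(data: bytes) -> bool:
    """Return True if the bytes carry Go toolchain markers."""
    if GO_BUILDINFO_MAGIC in data or GO_BUILD_ID_RE.search(data):
        return True
    # Fallback for binaries whose buildinfo was removed: require at least two
    # runtime symbols so one incidental string does not trigger a finding.
    return sum(sym in data for sym in GO_RUNTIME_SYMBOLS) >= 2


def go_build_id(data: bytes):
    """Extract the Go build ID (useful for clustering related samples)."""
    m = GO_BUILD_ID_RE.search(data)
    return m.group(1).decode() if m else None


def triage(entries):
    """Return the entries whose target is a Go binary, with build ID if any."""
    findings = []
    for e in entries:
        if is_go_binary(e.data):
            findings.append({"location": e.location, "path": e.path,
                             "build_id": go_build_id(e.data)})
    return findings


# Constructed sample inventory (not real files). Entry 1 mimics a Go-built PE
# with a buildinfo blob and build ID note; entry 2 is a plain C-style binary;
# entry 3 is a stripped Go binary that only retains runtime symbol names.
SAMPLE_ENTRIES = [
    PersistenceEntry(
        "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        "C:\\Users\\victim\\AppData\\Roaming\\svc\\updater.exe",
        b"MZ" + b"\x00" * 62 + GO_BUILDINFO_MAGIC + b"\x08\x00" * 9
        + b'Go build ID: "abc123/def456/ghi789"\x00' + b"runtime.main\x00",
    ),
    PersistenceEntry(
        "Startup folder",
        "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
        "\\Programs\\Startup\\sync.exe",
        b"MZ" + b"\x00" * 62 + b"msvcrt.dll\x00printf\x00__main\x00",
    ),
    PersistenceEntry(
        "Scheduled task \\Updater",
        "C:\\ProgramData\\upd\\helper.exe",
        b"MZ" + b"\x00" * 62 + b"runtime.goexit\x00runtime.gopanic\x00",
    ),
]


if __name__ == "__main__":
    for f in triage(SAMPLE_ENTRIES):
        print(f"{f['location']}: {f['path']} (Go build ID: {f['build_id']})")
```

Run against the constructed inventory, the script flags the Run-key entry (with its build ID) and the stripped scheduled-task binary, and ignores the non-Go startup-folder executable. A Go binary in an autorun location is not by itself malicious, so treat the output as a prioritised list for analysis rather than a verdict; the build ID is the field worth carrying into a sample-clustering or threat-intel lookup.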
Interestingly, Kaspersky’s report also revealed that LazyLoad, one of the tools deployed by Durian, has been used by Andariel, a sub-group within the notorious North Korean hacking consortium Lazarus Group. This finding suggests a potential connection between Kimsuky and Lazarus, although Kaspersky described the link as “tenuous” at best.
Lazarus Group, which first emerged in 2009, has established itself as one of the most notorious groups of crypto hackers. Independent onchain sleuth ZachXBT recently revealed that the group had successfully laundered over $200 million in ill-gotten crypto between 2020 and 2023. In total, Lazarus is accused of stealing over $3 billion in crypto assets in the six years leading up to 2023.
Last week, a US court ordered the forfeiture of 279 crypto accounts tied to North Korean threat activity.