All you need to know about Microsoft’s latest reveal of the Lazarus Group

  • In a new report, Microsoft identified the threat actor that gained the victims’ trust before the malware attack
  • Volexity has also released a list of recommendations for users to mitigate the risks of this malware

A new report published by tech giant Microsoft takes a closer look at the malicious activities perpetrated by the Lazarus Group. Remember, the Lazarus Group is a notorious hacker group based in North Korea.

DEV-0139 targets cryptocurrency traders

According to the report, Microsoft has identified a threat actor targeting cryptocurrency traders. The threat actor, dubbed DEV-0139, allegedly gained the target’s trust before deploying its malicious attack. The method starts with identifying potential targets through Telegram groups.

Once a sufficient level of trust is established, DEV-0139 sends an infected Excel file named “OKX Binance & Houbi VIP fee Comparison.xls”. This happens to be a real document containing charts and graphics. But the file is embedded with malware that provides a backdoor to the perpetrator.

Report from Volexity

Microsoft’s claims were also backed up by the US cybersecurity firm Volexity, which identified DEV-0139 as the latest strain of the AppleJeus malware. This malware has been traced back to the Lazarus Group.

“Technical analysis of malware distributed by AppleJeus has revealed a new variant of DLL sideloading that Volexity had not previously seen documented in the wild,” the company reported.

According to Volexity, the increasing scrutiny and notoriety of Lazarus has prompted the group to turn to this modified malware. The modified malware is relatively low profile, but it requires more effort to succeed.

Recommendations for Defense Against DEV-0139

Microsoft has advised its users to change the Excel macro security settings to control which macros are run and under what conditions. In addition, the company also advised users to enable Microsoft’s attack surface reduction rules.

Volexity has also released a list of recommendations for users to mitigate the risks of this malware. In addition to banning the execution of macros in Microsoft Office, the company advised users to use the YARA rules it published. These rules help detect malicious activity, and the indicators of compromise (IOCs) it shared can be used to block some of it.
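The two Microsoft recommendations above (restrict Excel macro execution, enable attack surface reduction rules) can be applied and verified with the script below. This is an added example written for this page, not code from Microsoft or Volexity. It assumes Office 2016 or later (registry hive version `16.0`), Microsoft Defender Antivirus as the active engine, and an elevated PowerShell session; the three ASR rule GUIDs are Microsoft’s documented identifiers for the Office-related rules, and the `VBAWarnings` value of 3 (digitally signed macros only) is a policy choice, not something the page prescribes.

```powershell
#Requires -RunAsAdministrator
# Added example: harden Excel macro handling and enable Office-related ASR rules,
# then report the resulting state. Assumes Office 16.0 hive and Defender Antivirus.

# --- 1. Excel macro security policy (per-user policy key) ------------------------
# VBAWarnings: 1 = enable all, 2 = disable with notification,
#              3 = disable except digitally signed, 4 = disable all without notification
$excelPolicy = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'
New-Item -Path $excelPolicy -Force | Out-Null
Set-ItemProperty -Path $excelPolicy -Name 'VBAWarnings' -Type DWord -Value 3
# Block macros in files that carry the Mark of the Web (downloaded, or received
# through chat or e-mail clients), regardless of the user's own macro setting.
Set-ItemProperty -Path $excelPolicy -Name 'BlockContentExecutionFromInternet' -Type DWord -Value 1

# --- 2. Attack surface reduction rules that stop macro-delivered payloads --------
# GUID -> rule name, as documented by Microsoft for Defender ASR.
$asrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
}
foreach ($id in $asrRules.Keys) {
    # In production, roll out with AuditMode first to measure false positives,
    # then switch the action to Enabled.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions Enabled
}

# --- 3. Verify what is actually in effect -----------------------------------------
Write-Host "`nExcel macro policy:"
Get-ItemProperty -Path $excelPolicy |
    Select-Object VBAWarnings, BlockContentExecutionFromInternet | Format-List

Write-Host "ASR rule state:"
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
for ($i = 0; $i -lt $ids.Count; $i++) {
    # Hashtable keys are case-insensitive, so the stored GUID casing does not matter.
    if ($asrRules.ContainsKey($ids[$i])) {
        $state = switch ([int]$actions[$i]) {
            0 { 'Disabled' } 1 { 'Block' } 2 { 'Audit' } 6 { 'Warn' } default { "Unknown($_)" }
        }
        '{0,-70} {1}' -f $asrRules[$ids[$i]], $state
    }
}
```

The policy key under `HKCU\Software\Policies` overrides whatever the user picks in the Trust Center, which is the point: a victim who has been socially engineered into trusting the sender should not be able to click “Enable Content” on an unsigned workbook. Run the verification block on its own first to see the baseline before changing anything.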

Lazarus group

The Lazarus Group has been involved in several hacks and exploits this year, costing the affected companies losses estimated at hundreds of millions of dollars. The most famous hack was the one performed on Axie Infinity’s Ronin Bridge back in March, which resulted in a loss of $600 million.

Another known attack was the $100 million hack of the Harmony protocol in June. The group was also blamed by the Japanese National Police Agency for a series of phishing attacks aimed at stealing crypto assets from crypto companies in the country.
