By CCN.com: The cryptocurrency sector may still be in a bearish phase, but the state-sponsored North Korean hacking group Lazarus remains absurdly bullish on the bitcoin industry – at least if its continued focus on the sector is anything to go by.
For Lazarus, Crypto Exchanges are the Geese that lay Golden Eggs
Per cybersecurity firm Kaspersky Lab, both Mac and Windows OS users remain vulnerable to the group’s ongoing hacking effort. Lazarus is understood to have launched the operation in November last year.
For this effort, the hacking group has created custom PowerShell scripts which communicate with malicious command & control (C2) servers and run commands initiated by the operator. The C2 server scripts are named to look like WordPress files or files from other open source projects.
Once control of the server is gained, the malware can collect basic information on the host. The malware is also able to download and upload files, as well as execute system shell commands, among other things.
The Kaspersky Lab report further states that Lazarus is only hosting malware on rented servers. Compromised servers are used to host the command & control scripts. For some reason, Lazarus is disproportionately focused on North Korea’s geopolitical rival, South Korea.
As cryptocurrency exchanges are top of the list among the North Korean hacking group’s targets, Kaspersky Lab has urged vigilance: