Lazarus Group Hackers Targeting South Korea Again

The latest report published by Recorded Future details how the North Korean hacking group Lazarus Group attacked users of South Korean crypto exchanges
18 January 2018

Lazarus is a cybercrime group made up of an unknown number of individuals. Little is known about it, but researchers believe the group has carried out a large number of cyber attacks, including the WannaCry attack.

Representatives of Recorded Future, a system which automatically serves up relevant insights in real time and at unparalleled scale with its own patented technology, published a report on January 16 linking the Lazarus Group to attacks on users of the cryptocurrencies Bitcoin and Monero, mostly in South Korea.

The report states that Lazarus Group continued to attack South Korean cryptocurrency exchanges and users in late 2017, and that this campaign also targeted South Korean college students interested in foreign affairs who are part of a group called “Friends of Ministry of Foreign Affairs”.

Lazarus Group in the Recorded Future

Moreover, it was reported that the malware shared code with the Destover malware, which was used against Sony Pictures Entertainment in 2014 and the first WannaCry victim in February 2017.

The report also states that the dropper used in the attack exploited the Ghostscript vulnerability CVE-2017-8291, and that the attackers used spear-phishing lures containing malware, which were sent to South Korean students and to users of exchanges like Coinlink. If a user opened the malware, it stole their email addresses and passwords.

This late-2017 campaign is a continuation of North Korea’s interest in cryptocurrency, which we now know encompasses a broad range of activities including mining, ransomware, and outright theft.

Recorded Future report

In general, Lazarus Group and North Korean hackers are blamed for a $7 million theft from Bithumb in February 2017 and for the 17% of Youbit exchange assets stolen in cyber attacks following an earlier attack in April 2017.

Binance to Join Forces With IdentityMind

IdentityMind provides exchanges with the ability to comply with KYC/AML requirements worldwide
26 March 2019

Binance announced an agreement with IdentityMind, which will help it ensure compliance with regulatory requirements and improve data security.

IdentityMind gives cryptocurrency exchanges access to a platform that lets them monitor compliance with customer identification and anti-money laundering requirements in real time. This includes onboarding new customers, managing their profiles and monitoring transactions.

The partnership between Binance and IdentityMind further strengthens our compliance capabilities and our commitment to re-invest in the blockchain ecosystem and grow it. We continue to evolve and enhance security systems while adhering to regulatory mandates in the countries we operate in. The goal is to foster greater trust among financial institutions worldwide.

Samuel Lim

Chief Compliance Officer, Binance

Last year, Bloomberg described Binance's user identification system as the least strict in the entire industry, and linked the “level of anonymity” provided by the exchange to the risks of money laundering and market manipulation.

In October, Binance entered into an agreement with Chainalysis, a supplier of blockchain transaction analysis software, and in November with Refinitiv, which developed an automated solution for client verification.

The exchange does not specify whether ordinary users of the platform will feel the impact of the integration of IdentityMind tools.