Lazarus Group Hackers Targeting South Korea Again

The latest report published by Recorded Future details how the North Korean hacking group Lazarus attacked users of South Korean crypto exchanges
18 January 2018

Lazarus is a cybercrime group made up of an unknown number of individuals. Little is known about it, but researchers believe the group is behind a large number of cyber attacks, including the WannaCry attack.

Representatives of Recorded Future, a system which automatically serves up relevant insights in real time and at unparalleled scale with its own patented technology, published a report on January 16 linking the Lazarus Group to attacks on users of the cryptocurrencies Bitcoin and Monero, mostly in South Korea.

The report states that Lazarus Group continued to attack South Korean cryptocurrency exchanges and users in late 2017, and that this campaign also targeted South Korean college students who are interested in foreign affairs and belong to a group called “Friends of Ministry of Foreign Affairs”.

Lazarus Group in the Recorded Future

Moreover, it was reported that the malware shared code with the Destover malware, which was used against Sony Pictures Entertainment in 2014 and the first WannaCry victim in February 2017.

The report also states that the attack's dropper exploited the Ghostscript vulnerability CVE-2017-8291, and that the campaign used spear-phishing lures containing malware, which were sent to South Korean students and to users of exchanges like Coinlink. If a user opened the malware, it stole their email addresses and passwords.

This late-2017 campaign is a continuation of North Korea’s interest in cryptocurrency, which we now know encompasses a broad range of activities including mining, ransomware, and outright theft.

Recorded Future report

In general, Lazarus Group and North Korean hackers are blamed for a $7 million theft from Bithumb in February 2017 and for the theft of 17% of Youbit exchange assets in cyber attacks that followed an earlier attack in April 2017.

SEC to Cease Simex Securities Trading

As reported, under the federal securities laws the SEC can suspend trading in a stock for 10 days
23 October 2018

The US Securities and Exchange Commission (SEC) has suspended trading in securities of the American Retail Group (OTC: ARGB), also known as Simex, Inc. This was reported on the agency's website.

According to representatives of the regulator, the decision was prompted by the company's false statements about a partnership with a “qualified and approved custodian”. The company also conducted an ICO, which was allegedly “officially registered in accordance with the requirements of the SEC.”

The SEC does not endorse or qualify custodians for cryptocurrency, and investors should use vigilance when considering an investment in an initial coin offering.

Robert A. Cohen

Chief, SEC Enforcement Division’s Cyber Unit

As reported, the SEC can suspend trading in a stock for 10 days and generally prohibit a broker-dealer from soliciting investors to buy or sell the stock again until certain reporting requirements are met.

Earlier this month, the American regulator also advised investors to "be vigilant when considering the possibility of investing in the ICO."