

What do the 2014 Sony hack and the 2016 Bangladeshi bank attack have in common? Aside from being two of the most noteworthy cybercrime incidents of the past few years, these seemingly unrelated attacks are tied together by a common thread: their perpetrator, a cybercrime group called Lazarus.

Few cybercrime groups throughout history have had as much disruptive power and lasting impact as the Lazarus Group. Ever since their first attacks, which involved DDoS operations against various organizations across different industries, the group has managed to step up their attacks even further. Two of the group's most notable campaigns are the 2014 Sony hack, which involved sensitive company and personal information, and the 2016 Bangladeshi bank attack, which stole millions of dollars from the financial institution. More recently, the group was seen expanding into cryptocurrency attacks, using the RATANKBA malware to target cryptocurrency companies.

The Lazarus Group has had multiple operations over the years, most of which involve disruption, sabotage, financial theft, or espionage. The organization also has "spin-off" groups, which focus on specific kinds of attacks and targets:

- A subgroup focused on attacking foreign financial institutions. It is responsible for a wide array of financial theft incidents, including the aforementioned attack on a Bangladeshi bank.
- A subgroup focused on South Korean organizations and businesses, using specifically tailored methods designed for maximum effectiveness.

The chart below shows a timeline of the group's activities and objectives over the years.

Figure 1: Timeline of Lazarus Group activities

A quick glance at the timeline of the group's activities provides clues on the way they operate. Lazarus and its various subgroups typically perform disruption and misdirection operations as part of their objectives. The group is fairly versatile as well, using a wide variety of tools and tactics to carry out their attacks. Here are some examples of the group's objectives, tools, and procedures:

The disruptive operations performed by Lazarus involve DDoS attacks and wipers with time-based triggers. These include KILLMBR, which has a hard-coded wiping date, and QDDOS, which has a duration date that wipes data ten days after infection. DESTOVER, a backdoor equipped with wiping capabilities, is another example.

Lazarus has also included misdirection in some of their campaigns. Some operations were disguised as hacktivist activities, with groups such as "GOP," "WhoAmI," and "New Romanic Army" claiming responsibility for these alleged hacktivism attacks.


The Treasury Department's Office of Foreign Assets Control sanctioned virtual currency mixer Tornado Cash, it announced Monday.

The mixer, which combines various types of crypto assets to mask their origin, has gained notoriety as the money laundering tool of choice for the Lazarus Group, a group of state-sponsored North Korean hackers responsible for a series of massive cryptocurrency heists.

The mixer has been used to launder more than $7 billion worth of virtual currency since 2019, including more than $455 million stolen by the Lazarus Group, according to a Treasury press release. That includes funds from a $600 million theft from Ronin Bridge, a technology used by the Axie Infinity video game to connect with the Ethereum blockchain. The Treasury Department expanded its sanctions against the Lazarus Group in April after tying the group to the theft.

“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. “Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”

CyberScoop has reached out to Tornado Cash for comment but has not yet received a response.

Mixer technologies have become popular tools for cybercriminals looking to launder illicit funds. Most recently, unnamed hackers used Tornado Cash to launder nearly $8 million stolen in the hack of the blockchain bridge Nomad. Tornado Cash is the second mixer sanctioned by Treasury this year; in May it sanctioned Blender.io for also facilitating laundering by North Korean hackers.
