Lazarus is back, targeting organizations with cryptocurrency thefts via TraderTraitor malware

THREAT LEVEL: Red.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) have issued a joint Cybersecurity Advisory (CSA) to make organizations in the blockchain technology and cryptocurrency industry aware of a cyber threat: cryptocurrency theft and phishing campaigns carried out by Lazarus Group, a North Korean state-sponsored advanced persistent threat (APT) group.

The attack begins with thousands of phishing emails sent to individuals at the targeted firm. Recipients are lured with attractive job offers, a common Lazarus tactic, to convince them to download trojanized cryptocurrency applications for Windows or macOS. The trojanized applications, which include TokenAIS, CryptAIS, and Esilet, are loaded with TraderTraitor malware. These apps are cross-platform, Electron-based utilities built on Node.js and the JavaScript runtime. Once the payload executes, the attacker gains access to the victim's computer and the company network, executes commands, and delivers additional malware.

The MITRE ATT&CK TTPs used by Lazarus are:

TA0001: Initial Access

TA0005: Defense Evasion

TA0002: Execution

TA0040: Impact

TA0004: Privilege Escalation

TA0006: Credential Access

TA0009: Collection

TA0003: Persistence

T1204: User Execution

T1553: Subvert Trust Controls

T1566: Phishing

T1566.002: Spearphishing Link

T1059: Command and Scripting Interpreter

T1059.007: Command and Scripting Interpreter: JavaScript

T1496: Resource Hijacking

T1134: Access Token Manipulation

T1110: Brute Force

T1140: Deobfuscate/Decode Files or Information

T1113: Screen Capture

T1543: Create or Modify System Process

T1486: Data Encrypted for Impact

Actor Details

[Actor details were provided as an image in the original advisory; the image content is not reproduced here.]

Indicators of Compromise (IoCs)

[Indicators of compromise were provided as images in the original advisory; the image content is not reproduced here.]

References

https://www.cisa.gov/uscert/ncas/alerts/aa22-108a