

North Korean hackers target crypto firms with new malware, Durian


North Korean hackers have reportedly launched a new cyberattack campaign targeting South Korean cryptocurrency firms, using a unique malware variant dubbed “Durian”.

The notorious North Korean hacking group Kimsuky deployed a new malware variant in targeted attacks against at least two South Korean cryptocurrency firms.

According to the report, the North Korean hackers are leveraging a novel malware variant, described by the researchers as “striking” and dubbed “Durian,” in their ongoing campaign against South Korean crypto firms.

A recent threat report issued by cybersecurity firm Kaspersky on May 9 shed light on the activities of the North Korean hacking group Kimsuky, revealing that the group employed a new malware variant in a series of targeted attacks on at least two cryptocurrency firms.

The hackers reportedly abused legitimate security software used exclusively by these firms, exploiting vulnerabilities in that software to infiltrate the firms’ systems and potentially steal sensitive financial data.

The Durian malware acts as an installer, deploying a persistent stream of malware components including a backdoor known as “Appleseed,” a custom proxy tool named “LazyLoad,” and other legitimate tools such as Chrome Remote Desktop.

“Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files,” wrote Kaspersky.

Kaspersky’s report also highlighted a potential connection between Kimsuky and the more notorious Lazarus Group, another North Korean hacking consortium. The cybersecurity firm noted that LazyLoad, a custom proxy tool used by Kimsuky, was also employed by Andariel, a sub-group within Lazarus Group.

The Lazarus Group, which first emerged in 2009, has since gained notoriety as one of the most prominent groups of cryptocurrency hackers in the world.

On April 29, independent blockchain investigator ZachXBT disclosed that the Lazarus Group had managed to launder over $200 million worth of stolen cryptocurrency between 2020 and 2023.

In total, the Lazarus Group has allegedly been responsible for the theft of over $3 billion in cryptocurrency assets between 2017 and 2023.

The Lazarus Group was responsible for the theft of over $309 million in cryptocurrency assets, accounting for approximately 17% of all crypto assets stolen in 2023.

According to a report published by Immunefi on December 28, the cryptocurrency industry suffered significant losses due to hacks and exploits throughout 2023, with over $1.8 billion worth of digital assets stolen or lost.
