Hackers from the Lazarus group, which is associated with the North Korean authorities, may soon attack cryptocurrency exchanges and technology startups using newly developed tools, according to experts at the antivirus company Kaspersky Lab.
According to them, the hackers have developed their own scripts for the PowerShell automation tool, which are disguised as files of popular open source projects, in particular WordPress. With their help, they redirect users to malicious C2 servers.
“After creating a malware management session on the server, it can download and upload files, update the malware configuration and collect basic information about the host,” the Kaspersky Lab report says.
The specialists recommended that representatives of cryptocurrency companies take precautions when installing software.
“Check for new software with antivirus and never activate macros in Microsoft Office documents from new or unreliable sources,” they said.
As a reminder, according to the company Group-IB, in 2017-2018 hackers from the Lazarus group broke into five cryptocurrency exchanges, including the Japanese Coincheck, which lost $534 million. According to UN experts, Pyongyang received $571 million in cryptocurrency through cyberattacks.