

Microsoft’s latest revelation about Lazarus Group is all you need to know




  • Microsoft, in a new report, identified the threat actor behind a malware campaign against cryptocurrency traders and described how it builds trust before delivering its payload
  • Volexity also issued a list of recommendations for users to mitigate the risks posed by this malware

A new report published by tech giant Microsoft takes a closer look at the malicious activities of the Lazarus Group, the notorious North Korea-based hacking group.

DEV-0139 targeting crypto traders

According to the report, Microsoft identified a threat actor that was targeting cryptocurrency traders. The threat actor, dubbed DEV-0139, reportedly gained the target’s trust before deploying its malware attack. The method starts by identifying potential targets through Telegram groups. 

Once a sufficient level of trust is established, DEV-0139 sends an infected Excel file named “OKX Binance & Houbi VIP fee comparison.xls”. It is a genuine-looking document that does contain fee structures, but it also carries an embedded malicious program that opens a backdoor for the attacker.

Report by Volexity

Microsoft’s claims were also backed by American cybersecurity firm Volexity, which identified DEV-0139 as the latest strain of the AppleJeus malware. This malware was traced back to the Lazarus Group. 

“Technical analysis of the deployed AppleJeus malware uncovered a new variation of DLL side-loading that Volexity has not seen previously documented as in the wild,” the firm stated.

According to Volexity, the increased scrutiny and notoriety of Lazarus prompted it to resort to this modified malware. The new approach is relatively low-profile but requires more effort from the attacker to succeed.

Recommendations to defend against DEV-0139

Microsoft recommended that users change their Excel macro security settings to control which macros run and under what circumstances. The company also asked users to turn on its attack surface reduction rules.
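As an added example that is not from the article, Microsoft or Volexity, the PowerShell below applies both of those recommendations on a single Windows host running Microsoft Defender Antivirus. The registry path (Office 2016 or later, 16.0 hive), the VBAWarnings value and the three attack surface reduction rule IDs are taken from Microsoft's documented Office and Defender settings and are assumptions of this example, not values given in the article.

```powershell
#Requires -RunAsAdministrator
# Added example (assumptions: Office 2016+ under the 16.0 policy hive, Defender AV active).

# 1. Excel macro policy: 4 = "Disable all macros without notification", and additionally
#    block macro execution in any workbook that carries the Mark-of-the-Web (downloaded or
#    received as an attachment, which is how the fee-comparison .xls would arrive).
$excelPolicy = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'
New-Item -Path $excelPolicy -Force | Out-Null
Set-ItemProperty -Path $excelPolicy -Name 'VBAWarnings' -Value 4 -Type DWord
Set-ItemProperty -Path $excelPolicy -Name 'BlockContentExecutionFromInternet' -Value 1 -Type DWord

# 2. Attack surface reduction rules that break the macro -> backdoor chain.
#    (Documented Defender rule GUIDs; assumed here, not quoted from the article.)
$asrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
}
foreach ($id in $asrRules.Keys) {
    # Action "Enabled" = block mode; use "AuditMode" first if you want to measure impact.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
    Write-Host ("Enabled ASR rule {0} : {1}" -f $id, $asrRules[$id])
}

# 3. Verify what is now configured (action 1 = Block, 2 = Audit, 0 = Disabled).
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    '{0}  action={1}' -f $pref.AttackSurfaceReductionRules_Ids[$i], $pref.AttackSurfaceReductionRules_Actions[$i]
}
```

Blocked macro and ASR events land in the Microsoft-Windows-Windows Defender/Operational log (ASR event ID 1121 for block, 1122 for audit), which is where detection content for this campaign would be keyed.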

Volexity also issued a list of recommendations for users to mitigate the risks posed by this malware. In addition to blocking macro execution in Microsoft Office, the firm asked users to apply the YARA rules it provided, which help detect the malicious activity and block the associated IOCs.

The Lazarus Group

The Lazarus Group has been involved in several hacks and exploits this year, which together have resulted in losses of hundreds of millions of dollars. The highest-profile hack was the one carried out on Axie Infinity’s Ronin Bridge back in March, which resulted in the loss of $600 million.

Other known attacks include the $100 million hack on the Harmony Protocol in June. This group was also blamed by Japan’s National Police Agency for a string of phishing attacks aimed at stealing crypto assets from the country’s crypto firms.  


Ser Suzuki Shillsalot has 8 years of experience working as a Senior Investigative journalist at The SpamBot Times. He completed a two-hour course in journalism from a popular YouTube video and was one of the few to give it a positive rating. Shillsalot's writings mainly focus on shilling his favourite cryptos and trolling anyone who disagrees with him. P.S - There is a slight possibility the profile pic is AI-generated. You see, this account is primarily used by our freelancer writers and they wish to remain anonymous. Wait, are they Satoshi? :/
