Connect with us
Active Currencies 14317
Market Cap $2,552,875,308,298.30
Bitcoin Share 51.62%
24h Market Cap Change $2.93

Microsoft’s latest revelation about Lazarus Group is all you need to know

2min Read

Share this article

  • Microsoft, in a new report, identified the threat actor that came into play before the malware attack
  • Volexity also issued a list of recommendations for users to mitigate the risks posed by these malwares

A new report published by tech giant Microsoft took a closer look at the malicious activities perpetrated by Lazarus Group. Recall that the Lazarus Group was the notorious hacker group based out of North Korea. 

DEV-0139 targeting crypto traders

According to the report, Microsoft identified a threat actor that was targeting cryptocurrency traders. The threat actor, dubbed DEV-0139, reportedly gained the target’s trust before deploying its malware attack. The method starts by identifying potential targets through Telegram groups. 

Once a sufficient level of trust is established DEV-0139 sends an infected Excel file with the name “OKX Binance & Houbi VIP fee comparison.xls”. This happens to be a genuine looking document that contains fee structures. However, the file is embedded with a malicious program that grants a backdoor to the perpetrator. 

Report by Volexity

Microsoft’s claims were also backed by American cybersecurity firm Volexity, which identified DEV-0139 as the latest strain of the AppleJeus malware. This malware was traced back to the Lazarus Group. 

“Technical analysis of the deployed AppleJeus malware uncovered a new variation of DLL side-loading that Volexity has not seen previously documented as in the wild.” the firm stated. 

According to Volexity, the increased scrutiny and notoriety of Lazarus prompted it to resort to this modified malware. The malware happens to be relatively low-profile but requires more effort to succeed. 

Recommendations to defend against DEV-0139

Microsoft recommended its users to change the Excel macro security settings to control which macros run and under what circumstances. Additionally, the company also asked users to turn on the Microsoft attack surface reduction rules. 

Volexity also issued a list of recommendations for users to mitigate the risks posed by these malwares. In addition to blocking Macro execution in Microsoft Office, the firm asked users to use the YARA rules. These rules would help detect malicious activities and block certain IOCs.  

The Lazarus Group

The Lazarus Group has been involved in several hacks and exploits this year. The exploits, have thus, resulted in the loss of hundreds of millions of dollars. The most high profile hack was the one carried out on Axie Infinity’s Ronin Bridge back in March. This resulted in the loss of $600 million. 

Other known attacks include the $100 million hack on the Harmony Protocol in June. This group was also blamed by Japan’s National Police Agency for a string of phishing attacks aimed at stealing crypto assets from the country’s crypto firms.  


Saman Waris works as a News Editor at AMBCrypto. She has always been fascinated by how the tides of finance and technology shape communities across demographics. Cryptocurrencies are of particular interest to Saman, with much of her writing centered around understanding how ideas like Momentum and Greater Fool theories apply to altcoins, specifically, memecoins. A graduate in history, Saman worked the sports beat before diving into crypto. Prior to joining AMBCrypto 2 years ago, Saman was a News Editor at Sportskeeda. This was preceded by her stint as Editor-in-Chief at EssentiallySports.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.