A group of cyber-criminals taking advantage of the pandemic and Covid? Learn more about the “Lazarus Group” and its most controversial hacking attack.
Almost a year after the Covid 19 pandemic was declared worldwide, the hope for a cure or a vaccine that would let everything return to normal is shared by many people. Since the pandemic affects all of us in one way or another, the news that a group of hackers stole sensitive information related to Covid research raises the question of what these people’s real priorities are, and how they place themselves above the collective health of all of us. It also makes us question the power of a hacking attack.
At a time when sensitive information is a valuable asset in the wrong hands, cyber-criminal groups do not rest in pursuit of their malicious objectives. The hackers of the Lazarus Group never miss an opportunity to carry out attacks bearing their fingerprints: they are held responsible for breaking into major technology companies, crypto-currency exchanges and, now, pharmaceutical companies. Let’s see who the Lazarus Group is and how its members managed to “hack” Covid.
Who is the Lazarus Group, and what are its hacking attacks?
The Lazarus Group is a group of cybercriminals from North Korea who have been blamed for several attacks over the last decade, targeting companies such as Sony and countries such as its neighbor South Korea. The United States government has described Lazarus as a “state-run hacking organization”.
Although little is known about its members, these hackers are said to travel from North Korea to China for a specific purpose: to be trained in introducing malware or viruses into computer networks, servers and computers of all kinds. The Kim Chaek University of Technology and Kim Il-sung University are reported to be involved in this cyber-training. In short, cybercriminals are trained to hack.
The cyber-attacks of the Lazarus Group and those most affected
Lazarus’ history includes multiple attacks on companies and organizations in other countries, and citizens and companies in South Korea have been among the most affected. Everything indicates that the group made its debut by attacking that country, and it has attacked it on multiple occasions since.
Among the attacks on its neighboring nation was Operation Troy in 2009, in which the group used the Mydoom and Dozer malware on a large scale to carry out “DoS” attacks on websites in South Korea and the United States. This attack was a cyber campaign aimed directly at the South Korean government in its capital.
Later, Lazarus went so far as to attack the media, financial institutions and the most important infrastructure of South Korea, as well as carrying out a massive erasure of information from financial companies, Internet service providers and broadcasting companies. Lazarus carried out these attacks in 2011 and 2013 respectively, through methods such as DoS and Darkseid.
One of the most notable “works” of these hackers was the attack on the Sony Pictures studio, where the Lazarus Group stole all kinds of information. This included the salary details of company executives, personal information on more than 4000 employees and their families, copies of unreleased films, scripts of several films, and even plans for future films. The attack tried to prevent the release of the film “The Interview”, because it mocked the political situation surrounding North Korea and the country’s leader.
Other attacks by Lazarus have involved banks in countries such as Vietnam, Ecuador and Bangladesh, among others, stealing approximately 70 million dollars or more.
Hacking attacks on crypto-currency.
Not satisfied with having extorted money from governments and from Sony and its employees, the criminal group has also carried out several attacks on different crypto-currency exchange sites, targeting user accounts and companies in order to steal their money directly from their wallets or virtual banks. Some companies have gone bankrupt because of the amounts of money stolen by the group.
Since 2017, authorities have reported several attacks on crypto-currency platforms such as Bitcoin and Monero against users in South Korea, using a method of attack similar to the one used against Sony. One of their tactics is the use of “spear-phishing” decoys containing malware, sent to students in South Korea and to users of crypto-currency exchanges such as Coinlink. Once the user opened the link, the malware was activated and stole passwords and email addresses.
The Lazarus Group managed to steal up to $7 million from a South Korean stock exchange called Bithumb, and it has also led to the closure of companies such as Youbit, a Bitcoin trading company that lost 17% of its assets as a result of several cyber-attacks in a row.
In 2019 it was confirmed that Lazarus had used at least four new types of malware in its hacking attacks, among them “Backdoor Yort”, “the GMERA Trojan” and a first-stage implant called “Macloader”, which was discovered in June 2020. All of them were used to attack crypto-currency businesses.
Information about Covid.
It was revealed that in September and October 2020 the Lazarus Group attacked a health ministry with the wAgent malware, which had previously been used against crypto-currency companies, and a pharmaceutical company that was authorized to produce and distribute Covid 19 vaccines. The company was hacked using the BookCode malware, which had previously been attributed to Lazarus.
Both pieces of malware were designed to function as fully featured backdoors, giving the operators full control over infected machines and devices, and the group used different TTPs (tactics, techniques and procedures) in each attack.
For this raid, the cyber-crooks posed as health officials to contact employees of the pharmaceutical company, using malicious links to reach other large pharmaceutical companies. However, the only company known to have been affected is a British company called AstraZeneca, where several employees involved in research related to the creation of Covid 19 vaccines were targeted. The pharmaceutical company has not confirmed anything about this.
Although it is not known precisely what the Lazarus Group intends to gain from these attacks, it is rumored that they tried to steal this information to sell it for profit, as part of possible extortion or fraud schemes, and to give foreign leaders access to patented research on the Covid 19 vaccine.