It has been reported that North Korean state-linked hackers have begun attacking South Korean crypto companies with a previously unseen malware called Durian. According to a threat report dated May 9 by cybersecurity firm Kaspersky, the North Korean hacking group Kimsuky has used the new malware in a series of targeted attacks on at least two cryptocurrency companies so far.
Security Company Issues a Striking Warning
The intrusions were carried out as a persistent attack that leveraged legitimate security software used exclusively by South Korean crypto firms.
The previously unknown Durian malware acts as an installer that delivers a succession of further malware, including a proxy tool known as LazyLoad, as well as legitimate tools such as Chrome Remote Desktop. The Kaspersky team shared the following statement:
“Durian has comprehensive backdoor functionality that allows the execution of delivered commands, additional file downloads, and data leakage.”
Furthermore, Kaspersky noted that LazyLoad is also used by Andariel, a subgroup of the North Korean hacking consortium Lazarus Group, which suggests a tenuous link between Kimsuky and the more infamous group.
Crypto Market and Hack Attacks
First emerging in 2009, Lazarus has established itself as one of the most notorious crypto hacking groups. On April 29, independent blockchain investigator ZachXBT revealed that the Lazarus group successfully laundered over 200 million dollars in illicitly obtained crypto between 2020 and 2023.
In total, the Lazarus Group is accused of stealing more than 3 billion dollars in crypto assets over the six years up to 2023. Lazarus is known to have stolen more than 309 million dollars in 2023 alone, which accounts for over 17% of the total funds stolen that year. According to a report by Immunefi dated December 28, over 1.8 billion dollars worth of crypto assets were lost in 2023 to hacks and the exploitation of vulnerabilities.