- North Korea’s notorious Kimsuky hacking group has reportedly launched cyberattacks on two South Korean crypto firms using a previously undocumented malware named Durian.
- The attacks took place between August and November 2023 and used an exploit in South Korean software to gain initial access.
- The Kimsuky group is well known for email phishing attacks aimed at stealing cryptocurrency, with a total of 1,468 people falling victim to the crypto hackers between March and October 2023.
North Korean hacking group Kimsuky has reportedly targeted South Korean crypto firms using a new malware named Durian, marking another instance of cyber threats in the crypto sector.
The Durian Malware Attacks
According to cybersecurity solutions giant Kaspersky, the Durian malware is characterized by its “comprehensive backdoor functionality.” This feature enables the execution of delivered commands, additional file downloads, and exfiltration of files. The attacks reportedly took place between August and November 2023 and used an exploit in South Korean software to gain initial access. Once established and operational on the victim’s systems, Durian deployed additional tools, including Kimsuky’s backdoor AppleSeed and a custom proxy tool named LazyLoad.
Kimsuky’s Phishing Tactics
The Kimsuky group is well known for email phishing attacks aimed at stealing cryptocurrency. In December 2023, the threat group posed as South Korean government agency representatives and journalists to steal cryptocurrencies. A total of 1,468 people fell victim to the crypto hackers between March and October 2023, according to police reports. The victims also included retired government officials from the diplomatic, military, and national security fields. The perpetrators reportedly sent legitimate-looking phishing emails to carry out the thefts.
Conclusion
The recent attacks by Kimsuky highlight the increasing threat of cyberattacks in the crypto sector. As digital currencies continue to gain popularity, it is crucial for individuals and firms to implement robust security measures to protect their assets. The crypto community must remain vigilant and aware of the evolving tactics used by hackers.