North Korea-Backed Hacker Group Evolving Tactics to Attack Crypto Exchanges
- The group was behind the attack on Coincheck.

The infamous hacker group Lazarus APT is continuously targeting cryptocurrency exchanges, according to a warning by Kaspersky Lab.
In a blog post published on March 26, the Russian computer security company outlined that the motives behind the attacks are mainly financial. Moreover, the North Korea-backed hacking group is also evolving its attack tricks and tactics to outsmart the exchanges’ security firewalls.
“Financial gain remains one of the main goals for Lazarus, with its tactics, techniques, and procedures constantly evolving to avoid detection,” the post noted.
The security company detailed that Lazarus is attacking both Windows and Mac platforms using its sophisticated malware.
“In the middle of 2018, we published our Operation Applejeus research, which highlighted Lazarus’s focus on cryptocurrency exchanges utilizing a fake company with a backdoored product aimed at cryptocurrency businesses,” Kaspersky stated. “One of the key findings was the group’s new ability to target macOS. Since then Lazarus has been busy expanding its operations for the platform.”
Crypto Businesses Beware
Kaspersky Lab also advised cryptocurrency businesses to take extra caution with security measures, given that these notorious groups are laying traps to steal public money.
“If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems [...] And never ‘Enable Content’ (macro scripting) in Microsoft Office documents received from new or untrusted sources,” the cybersecurity firm advised.
Lazarus APT is one of the most notorious hacking groups targeting crypto exchanges. Reportedly, the group is behind five digital exchange breaches out of a total of 14. The most infamous attack purportedly associated with this group was the theft of $536 million worth of crypto from Japanese crypto exchange Coincheck, which reshaped the entire crypto market in the country.
Attacks in 2019
Despite the rising technological and business standards, crypto exchanges are not immune to cyber attacks. In less than three months in 2019, two exchanges were attacked - Cryptopia and DragonEx - and millions in funds were compromised. The most recent one is the theft of an undisclosed amount from Singapore-based crypto exchange DragonEx about which Finance Magnates reported yesterday.