Kimsuky targeted two crypto firms with Durian, using exclusive security software and deploying AppleSeed and LazyLoad for attacks.
North Korean hackers have launched attacks on South Korean crypto firms using a new malware called “Durian,” reports cybersecurity firm Kaspersky.
Kimsuky utilized Durian to target two crypto companies, leveraging exclusive security software and deploying multiple malware, including the “AppleSeed” backdoor and LazyLoad proxy tool, enabling command execution, file downloads, and data exfiltration.
Kaspersky noted that Andariel, a subgroup of the notorious Lazarus Group known for crypto theft, also utilized LazyLoad. Recent revelations show Lazarus laundered over $200 million in crypto between 2020 and 2023, totaling over $3 billion in stolen assets in six years.
In 2023 alone, Lazarus stole over $309 million, contributing to the $1.8 billion lost to crypto hacks that year. This indicates a significant threat from North Korean hackers to the crypto industry’s security.
The use of sophisticated malware like “Durian” by North Korean hackers underscores the pressing need for robust cybersecurity measures in the crypto industry.