S. Korea Successfully Foils Cyber Attack by US-Sanctioned Lazarus Group: Report
According to the South Korean police, Lazarus Group attempted to hack more than 200 computers belonging to 61 South Korean institutions last year through the so-called “watering hole” attack. However, the cybercrime organization did not cause any damage as the South Korean police managed to identify Lazarus’s activity and block the attempts.
Lazarus Attacked Over 200 Computers Belonging to 61 S. Korean Institutions
Lazarus, one of the most prominent crypto cybercrime groups based in North Korea, launched cyber attacks on hundreds of computers belonging to 61 institutions from South Korea in 2022, according to Yonhap News, citing a police report. The National Police Agency (NPA) said that since June 2022, Lazarus hacked 207 computers belonging to these institutions, including eight media companies.
The computers were compromised through a “watering hole” attack that targeted security software installed. According to the NPA, to prepare for the hack, Lazarus first attacked a South Korean firm that distributes security software that is typically used for installing security plug-ins for online banking and financial services. This software is estimated to be installed on more than 10 million computers in South Korea.
The NPA also said that Lazarus had a predetermined plan in 2021 to infiltrate INISAFE – the firm that develops security software. The well-known hacking group reportedly studied the software’s flaws in recent years to build malware, but the police managed to spot the group’s activity on South Korean networks and cooperated with other agencies to preemptively block Lazarus’s further access. The NPA said that the attempts caused no actual damage.
What is the Lazarus Group?
Lazarus Group is a cybercrime organization believed to be run by the North Korean government. It is best known for stealing a whopping $620 million from a non-fungible token (NFT) game, Axie Infinity, in the biggest-ever crypto hack.
Reports from last year revealed that funds stolen in the Axie Infinity hack were moved through Tornado Cash, one of the most popular crypto mixers. Tornado was sanctioned by the US Treasury Department in August 2022 after becoming one of crypto hackers’ favorite toys.
Lazarus has been accused of numerous other major cyber-attacks recently, including the WannaCry 2.0 ransomware attack in 2017, the Bangladesh bank heist in 2016, and the Sony Pictures Entertainment hack in 2014. In 2020, the group stole $275 million from the crypto exchange KuCoin. The group snatched more than $400 million worth of crypto funds in 2021 alone.
