- North Korean hackers deploying “Durian” malware targeting South Korean crypto firms.
- The resurgence of dormant hackers like Careto underscores the evolving cybersecurity landscape.
- Hacktivist groups like SiegedSec escalate offensive operations amidst global socio-political events.
The first quarter of 2024 has proven particularly eventful, with notable findings and trends emerging from the frontline of cyber security. From the deployment of sophisticated malware variants to the resurgence of long-dormant threat actors, the landscape of cyber threats continues to shape-shift, presenting new challenges for security experts worldwide.
A recent report by the Global Research and Analysis Team (GReAT) at Kaspersky sheds light on the activities of various advanced persistent threat (APT) groups.
The Durian malware targeting South Korean crypto firms
Among the findings made by GReAT is the emergence of the “Durian” malware, attributed to the North Korean hacking group Kimsuky. It has been used to target South Korean cryptocurrency firms and is highly sophisticated, with comprehensive backdoor functionality.
The Durian malware’s deployment marks a notable escalation in the cyber capabilities of Kimsuky, showcasing the group's ability to exploit vulnerabilities within the supply chain of targeted organizations.
By infiltrating legitimate security software used exclusively by South Korean crypto firms, Kimsuky demonstrates a calculated approach to circumventing traditional security mechanisms. This modus operandi highlights the need for enhanced vigilance and proactive security strategies within the cryptocurrency sector, where the stakes are exceptionally high.
The connection between Kimsuky and the Lazarus Group
The Kaspersky report further reveals a nuanced connection between Kimsuky and another North Korean hacking consortium, the Lazarus Group. Although the two have historically been distinct entities, their use of similar tools such as LazyLoad suggests a potential collaboration or tactical alignment between these crypto-threat actors.
This discovery underscores the interconnected nature of cyber threats, where alliances and partnerships can amplify the impact of malicious activities.
Resurgence of dormant crypto hacking groups
In parallel, the APT trends report reveals a resurgence of long-dormant threat…