North Korean hackers use fake websites, Telegram groups to steal cryptocurrencies
According to new research by Kaspersky labs, the infamous Lazarus group used ‘enhanced capabilities’ to attack cryptocurrency businesses. The firm has been following the cyber theft campaign dubbed ‘Operation AppleJeus’ since 2018 and, according to its report, victims across the world, including in the UK, China, Poland, and Russia, have been affected.
The hackers used the age-old trick of creating fake crypto websites and fake trading groups on Telegram corresponding to the websites. The report noted:
“We found several fake websites that were still online when we were investigating their infrastructure. They created fake cryptocurrency-themed websites, but they were far from perfect and most of the links didn’t work.”
The websites and the Telegram groups are laced with malicious links that help the hackers infect users’ devices and acquire their data.
The notorious group is upping the ante with sophisticated tech and methodologies and, according to the research, such attacks will continue.
“Since the initial appearance of Operation AppleJeus, we can see that over time the authors have changed their modus operandi considerably. We assume this kind of attack on cryptocurrency businesses will continue and become more sophisticated.”
Lazarus Group has been one of the prominent names in the hacking community; it has been named in multiple attacks since 2018. According to experts, targeting cryptocurrencies has been a consistent trend for North Korea as it offers a “financial lifeline” to escape from the crippling economic sanctions and finance the development of nuclear weapons, stated the Independent. According to Kayla Izenman’s statement to the publication, cryptocurrency exploitation enables North Korea to transact with the rest of the world in ways that circumvent sanctions designed to curb its proliferation financing.
AMBCrypto reached out to Telegram for a response, and the article will be updated.