- North Korean hackers are targeting South Korean cryptocurrency companies and distributing ‘Durian’ malware.
- The resurgence of dormant hackers like Careto highlights the evolving cybersecurity landscape.
- Hacktivist groups like SiegedSec expand their offensive operations amid global social and political events.
The first quarter of 2024 has proven to be particularly eventful, with notable results and trends emerging on the front lines of cybersecurity. From the deployment of sophisticated malware variants to the resurgence of long-dormant threat actors, the cyber threat landscape continues to change and presents new challenges to security professionals around the world.
A recent report from Kaspersky’s Global Research and Analysis Team (GReAT) has revealed surprising facts that shed light on the activities of various Advanced Persistal Threat (APT) groups.
Durian malware targets Korean cryptocurrency company
Among GReAT’s findings is the emergence of the ‘Durian’ malware, attributed to the North Korean hacking group Kimsuky. It has been used to target domestic cryptocurrency companies and boasts a high degree of sophistication, boasting comprehensive backdoor functions.
The deployment of the Durian malware marks a notable increase in Kimsuky’s cyber capabilities, demonstrating its ability to exploit vulnerabilities within the target organizations’ supply chains.
Kimsuky demonstrates a calculated approach to bypassing traditional security mechanisms by infiltrating legitimate security software dedicated to South Korean cryptocurrency companies. This mode of operation highlights the need for heightened vigilance and proactive security strategies within the highly risky cryptocurrency sector.
Kimsuki’s connection to the Lazarus Group
The Kaspersky report further reveals subtle links between Kimsuky and the Lazarus Group, another North Korean hacking consortium. Although historically separate entities, the utilization of similar tools such as LazyLoad suggests potential collaboration or tactical linkage between these crypto threat actors.
The findings highlight the interconnected nature of cyber threats, where alliances and partnerships can amplify the impact of malicious activity.
The revival of a dormant cryptocurrency hacking group
At the same time, the APT trends report shows the resurgence of long-dormant threat actors, such as the Careto group, which was last seen active in 2013.
Despite years of dormancy, Careto reemerged in 2024 with a series of targeted campaigns using custom technology and sophisticated implants to infiltrate high-profile organizations. This resurgence is a stark reminder that cyber threats never truly go away. They just adapt and evolve.
Other cryptocurrency hacking groups threatening the world
The Kaspersky report also highlights the emergence of new malware campaigns targeting Middle Eastern government agencies, such as “DuneQuixote.” Featuring sophisticated evasion techniques and practical evasive methods, these campaigns highlight the evolving tactics of threat actors in the region.
The implant “SKYCOOK” is also appearing, utilized by Oilrig APT targeting Internet service providers in the Middle East.
Meanwhile, in Southeast Asia and the Korean Peninsula, the activities of threat actors such as DroppingElephant continue to pose significant challenges. Leveraging malicious RAT tools and leveraging platforms like Discord for distribution, these actors demonstrate a multi-pronged approach to cyber espionage. Using legitimate software as an initial infection vector further complicates detection and mitigation efforts, highlighting the need for improved threat intelligence and collaboration between stakeholders.
On the hacktivism front, groups like SiegedSec have stepped up their offensive operations, targeting corporate and government infrastructure in pursuit of social justice-related goals. Focused on hacking and leak operations, these groups leverage current social and political events to amplify their message and influence.