Connect with us

Hi, what are you looking for?


North Korean Hackers Kimsuky Deployed Malware Targeting Crypto Firms: Kaspersky

North Korea’s notorious Kimsuky hacking group, also known as APT43, has been reportedly launching cyberattacks on two South Korean crypto firms using a previously undocumented Golang-based malware named – Durian.

Per findings from cybersecurity solutions giant Kaspersky, Durian is characterized by its “comprehensive backdoor functionality.” This feature enables the execution of delivered commands, additional file downloads and exfiltration of files.

The attacks reportedly took place between August and November 2023, involving a South Korean software exploit to gain initial access.

“Based on our telemetry, we pinpointed two victims within the South Korean cryptocurrency sector. The first compromise occurred in August 2023, followed by a second in November 2023.”

Once the malware is established and operational on the victim’s systems, Durian deployed additional tools, including Kimsuky’s backdoor AppleSeed, and a custom proxy tool named LazyLoad.

Interestingly, LazyLoad tool links to Andariel, a sub-group within the notorious Lazarus. This also raises the suspicion of shared tactics among both North Korean threat groups, the Hacker News reported.

Per reports, Kimsuky started at least 2012 and is under the North Korea’s Reconnaissance General Bureau (RGB), the country’s military intelligence agency.

Kimsuky’s Mail Mafia

Kimsuky group is well-known to have conducted various phishing attacks via email to steal cryptos.

In December 2023, the treat group disguised as South Korean government agency reps and journalists to steal cryptocurrencies. A total of 1,468 people fell victim to the crypto hackers between March and October 2023, according to police reports.

Some of the victims also included retired government officials from diplomacy, military and national security. The perpetrators reportedly sent legit-looking phishing mails to execute the dubious act.

The state-backed hacking group had previously targeted Russian aerospace defense companies “taking advantage of the coronavirus pandemic.”

According to Kommersant report, RT-Inform, the IT security arm of the Russian state-owned tech agency Rostec, noted that there has been an increase in the number of cyberattacks on the IT network during pandemic from April to September 2020. However, it neither denied nor confirmed the Kimsuky attack reports.

The post North Korean Hackers Kimsuky Deployed Malware Targeting Crypto Firms: Kaspersky appeared first on Cryptonews.

Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!



Pavel Durov, the founder of Telegram, has received a generous donation from over half a million players of the viral Telegram-based clicker game called...


The crypto industry has made a record $94 million in political donations since 2023 in an effort to support pro-crypto governance. According to a...


As the Floki (FLOKI) bulls eye a quick 50% rally from current levels around $0.00021 to yearly highs above $0.00031 after a key technical...


Bank of America (BAC) upgraded its rating on Coinbase (COIN) shares from underperform to neutral on Friday and raised its price target for Coinbase to...


In a major move, Turkey drafted a crypto bill, tabled by the ruling party (AK Party) Group Chairperson Abdullah Güler on May 16, to...


Hong Kong became the first region outside mainland China to allow users to open digital wallets and hold China’s CBDC e-CNY, otherwise known as...

You May Also Like

Financial Advisors


Financial Advisors


Financial Advisors

The humongous outbreak of the dreaded coronavirus has brought about a groundbreaking change in what the world perceived as ‘normal’. With an estimated 280,391,189...

Disclaimer: Respect, its managers, its employees, and assigns (collectively "The Company") do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2024 Respect Investment. All Rights Reserved.