Search
HomeCryptoNorth Korean Hackers Introduce Fresh Golang Malware 'Durian' Targeting Crypto Companies
Crypto

North Korean Hackers Introduce Fresh Golang Malware ‘Durian’ Targeting Crypto Companies

admin
By admin

-

36
0

North Korean Threat Actor Kimsuky Deploys Golang-Based Malware Durian in Cyber Attacks on South Korean Cryptocurrency Firms

North Korean Hackers Deploy Golang-Based Malware in Cyber Attacks on South Korean Cryptocurrency Firms

In a recent development, the North Korean threat actor known as Kimsuky has been identified using a new Golang-based malware called Durian to carry out targeted cyber attacks on two South Korean cryptocurrency firms. The attacks, which took place in August and November 2023, involved the use of legitimate South Korean software as an infection pathway.

According to Kaspersky’s APT trends report for Q1 2024, Durian is equipped with comprehensive backdoor functionality, allowing the attackers to execute commands, download additional files, and exfiltrate data from the compromised systems. The malware is designed to establish persistence on the host and introduce other malicious tools, including AppleSeed, LazyLoad, ngrok, and Chrome Remote Desktop.

One of the notable aspects of the attack is the use of LazyLoad, a tool previously associated with Andariel, a sub-cluster within the Lazarus Group. This raises the possibility of collaboration or tactical overlap between the two threat actors. Kimsuky, also known as APT43, Black Banshee, and other aliases, is believed to be a subordinate element of the 63rd Research Center within North Korea’s Reconnaissance General Bureau.

The U.S. Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) have warned that Kimsuky’s primary mission is to steal data and gather geopolitical insights for the North Korean regime. The group has also been linked to campaigns involving a C#-based remote access trojan and an information stealer called TutorialRAT.

In a separate incident, another North Korean state-sponsored hacking group called ScarCruft, also known as APT37, has been targeting South Korean users with Windows shortcut files that lead to the deployment of RokRAT. This group, aligned with North Korea’s Ministry of State Security, is focused on covert intelligence gathering to support the nation’s strategic interests.

The cybersecurity community is closely monitoring these developments, highlighting the ongoing threat posed by North Korean hackers and the need for enhanced security measures to protect against such sophisticated cyber attacks.

Previous article
Is China the Next Destination for Hong Kong Ethereum ETFs as Outflows Continue for Third Consecutive Day?
Next article
EMURGO partners with GSR to enhance Cardano Blockchain Ecosystem

LATEST POSTS

Bitcoin

Analysts predict Bitcoin price will maintain $265K level after consolidation phase concludes

Bitcoin Price Could Triple to $260,000, Says CryptoQuant CEO Title: Bitcoin Price Could Triple, Surpass $260,000, Says CryptoQuant CEO Bitcoin's price may skyrocket to over $260,000...
Blockchain

Top 3 Blockchain Stocks with Great Potential for Investment in May 2024

The 3 Most Undervalued Blockchain Stocks to Buy in May 2024 Title: "Top 3 Undervalued Blockchain Stocks to Watch in May 2024" In the fast-paced world...
Crypto

Voting solely based on cryptocurrency is foolish

The Exploitation of the Crypto Industry by US Presidential Candidates: A Call to Action US presidential candidates are leveraging the crypto industry for money and...
Ethereum

The Impact of the US Election on the Future of Ethereum ETFs – DL News

Challenges Ahead for Ethereum Spot ETFs: SEC Likely to Deny Applications on May 23 The Securities and Exchange Commission is expected to deny applications for...
Load more

Most Popular

Latest articles

Popular Updates

Popular Categories

bitcoin
Bitcoin (BTC) $ 68,438.34
ethereum
Ethereum (ETH) $ 2,649.58
tether
Tether (USDT) $ 1.00
bnb
BNB (BNB) $ 597.21
solana
Solana (SOL) $ 159.06
usd-coin
USDC (USDC) $ 1.00
xrp
XRP (XRP) $ 0.539977
staked-ether
Lido Staked Ether (STETH) $ 2,649.58
dogecoin
Dogecoin (DOGE) $ 0.143005
tron
TRON (TRX) $ 0.156416