North Korean hackers unleash ‘Durian’ malware on crypto companies

May 11, 2024

TLDR:

– North Korean hackers deployed new Golang malware called Durian against crypto firms
– Malware includes backdoor functionality, exfiltration of files, and stealing browser-stored data

North Korean threat actor Kimsuky has been identified using a new Golang-based malware called Durian in targeted cyber attacks on two South Korean cryptocurrency firms. The malware, discovered by Kaspersky, supports command execution, file downloads, and data exfiltration. The attacks, which occurred in August and November 2023, used legitimate South Korean software as the infection pathway. The malware connects to the attacker’s server to retrieve a malicious payload and initiate the infection sequence. Durian then drops additional malware, including AppleSeed and a custom proxy tool called LazyLoad, with the ultimate aim of stealing browser-stored data such as cookies and login credentials.

Kimsuky, also known as APT43 and active since 2012, has been linked to the North Korean regime’s cyber espionage activities. LazyLoad, used in these attacks, was previously associated with the Lazarus Group, hinting at a potential collaboration. Kimsuky’s operations aim to compromise experts and analysts in order to extract valuable data for the North Korean regime. The group has also been linked to campaigns using a C#-based remote access trojan and information stealer.

A separate North Korean state-sponsored group, ScarCruft, has been targeting South Korean users with Windows shortcut files that lead to the deployment of RokRAT. Known as APT37, ScarCruft is aligned with North Korea’s Ministry of State Security and gathers intelligence in support of the country’s interests. The shortcut-file attacks are aimed at South Korean users, particularly those connected to North Korea.

Overall, the use of sophisticated malware like Durian highlights the evolving cyber threat landscape posed by North Korean threat actors targeting critical industries like cryptocurrency firms.

