The Lazarus Group has been discovered behind a new cyberattack campaign dubbed HaoBao targeting banks and Bitcoin users via spear phishing lures that deliver a new cryptocurrency scanner that hunts for Bitcoin wallets.
The attack campaign uses spear-phishing emails impersonating job recruiters, a tactic previously seen from the group – widely believed by researchers to operate out of North Korea – last year.
In January 2018, researchers detected the start of a new campaign when they found a malicious document disguised as job recruitment for a business development executive located in Hong Kong. More malicious files with the same “Windows User” author appeared from January 16-24. While the fake job recruitment messages are similar to those seen last year, the implants in this campaign have never been previously seen in the wild or used in previous Lazarus Group attacks, says Ryan Sherstobitoff, McAfee senior analyst of malware campaigns.
Read more about the new Lazarus Group cyberattack campaign that combines spear-phishing techniques with a cryptocurrency scanner designed to scan for Bitcoin wallets on DarkReading.