Cryptocurrency companies have become the target of a sophisticated cyber attack orchestrated by the Lazarus Group, a North Korea-aligned nation-state group. The attack was discovered by Russian cybersecurity firm Kaspersky, which has internally tracked a versatile backdoor under the name Gopuram since 2020. Gopuram connects to a command-and-control (C2) server, enabling attackers to interact with the victim’s file system and launch in-memory modules. The highest infection rates have been detected in Brazil, Germany, Italy, and France.
The attack chain discovered so far uses rogue installers to distribute an information stealer (known as ICONIC Stealer), though the ultimate goal of the campaign may have been to infect targets with the full-fledged modular backdoor. The compromise is being tracked under the identifier CVE-2023-29059 and was first discovered by BlackBerry, which said the initial phase of the attack took place between the end of summer and the beginning of fall 2022.
This attack highlights the importance of cybersecurity, particularly for cryptocurrency companies. It is vital that these companies remain vigilant and are able to detect and respond to cyber threats quickly and efficiently. Organizations should also ensure they have the latest security software and patches, as well as procedures in place to mitigate the risk of a successful attack.
• A cyber attack targeting cryptocurrency companies has been linked to the North Korea-aligned Lazarus Group.
• Russian cybersecurity firm Kaspersky has been tracking the backdoor under the name Gopuram since 2020.
• Gopuram connects to a command-and-control (C2) server, which enables attackers to interact with the victim’s file system.
• The attack was first discovered by BlackBerry and the highest infection rates were detected in Brazil, Germany, Italy, and France.
• Organizations should ensure they have the latest security software and patches, as well as procedures in place to mitigate the risk of a successful attack.