A previously unknown, financially backed North Korean threat actor has been observed testing several infection methods in the wild while adhering to a “startup” culture mentality.
The findings come from security researchers at Proofpoint, who call the group TA444 and say it has been active in its current form, targeting cryptocurrency exchanges, since at least 2017.
The group adopted a startup mindset at the end of 2022, according to an advisory released today.
“As surprising as the difference in delivery methods is the lack of a consistent payload at the end of the delivery chain.
“When other financially oriented attackers test delivery methods, they tend to load traditional payloads. […] It is a malware development element that has been incorporated, or at least dedicated, together with the TA444 operator. ”
Additionally, Proofpoint said it noticed a complete marketing strategy designed by TA444 to increase its annual recurring revenue (ARR) potential.
“It all starts with creating lure content that is of interest or need to your target. There is potential.”
Regarding the tools used during the attack, Lesnewich wrote that TA444 used “an impressive array of post-exploitation backdoors in its history.”
This list includes msoRAT, Cardinal, Rantankba suite, Cheesetray, Dyepack, as well as passive backdoors, virtualization listeners, and browser extensions that facilitate theft.
“Despite its extensive campaign and easy clustering, TA444 is a sophisticated and effective adversary that seeks to defraud victims of hundreds of millions of dollars,” Proofpoint wrote.
“TA444 and related clusters are estimated to have stolen nearly $400 million […] the value of cryptocurrencies and related assets in 2021. In 2022, the group surpassed that with one heist worth over $500 million, and during 2022 it raised over $1 billion.”
Proofpoint’s report comes days after the US Federal Bureau of Investigation (FBI) confirmed that North Korea’s Lazarus Group was behind the $100 million theft from the cryptocurrency company Harmony.