Lazarus Group’s Crypto Heist: North Korea’s Sneaky IT Workers Strike Again!

North Korea’s Lazarus Group has been running an international cyber operation targeting cryptocurrency entities and developers. A hidden administrative layer called “Phantom Circuit” helps them manage stolen data and payload delivery. Despite elaborate security measures, SecurityScorecard linked the campaign to Pyongyang, revealing dual motivations of crypto theft and corporate network infiltration.

Hot Take:

Who knew North Korea’s Lazarus Group moonlights as a full-blown IT department, complete with admin layers and VPNs? Maybe they should stop hacking and start consulting—seems like their operational security is worth its weight in cryptocurrency!

Key Points:

  • Lazarus Group is operating a hidden admin layer for their global hacking campaign.
  • Their targets primarily include cryptocurrency entities and software developers.
  • The group uses a web-based admin platform for various campaigns, including impersonating IT workers.
  • SecurityScorecard discovered the “Phantom Circuit” admin layer, linking it to North Korea.
  • The group’s motivations include cryptocurrency theft and corporate network infiltration.
