ZDNET reports about new Lazarus attack activity designed to steal bitcoins from global banking organizations:

Now Lazarus has resurfaced once again, with a phishing campaign which aims to plant malware on the systems of global financial organisations and bitcoin users for both short-term and long-term gain.

Dubbed ‘HaoBao’, the campaign has been uncovered by MacAfee [sic] Labs. It’s different to other phishing operations by the Lazarus group and uses novel code to infect machines.

The latest Lazarus campaign was first spotted in mid-January, when researchers discovered a malicious document being distributed via a Dropbox link, which claimed to be a job advert for a business development executive located in Hong Kong for a large multi-national bank.

The author is listed as ‘Windows User’ and the document was created in Korean, with additional similar documents appearing in the days which followed.

Attackers pose as a job recruiter, and send the target a spear-phishing email with a fake job advert, which when opened encourages the user to ‘enable content’ to see a document they’re told was created with an earlier version of Word.

The entire campaign does not appear to be all that sophisticated despite the techniques not having been previously witnessed. North Korea seems to be laser focused on stealing money rather than disruption or destruction. Now is an interesting time to focus on stealing bitcoin considering its recent major devaluation, but if Lazarus is in it for the long-term then it may prove lucrative.