{"id":20309,"date":"2024-05-13T13:30:21","date_gmt":"2024-05-13T13:30:21","guid":{"rendered":"https:\/\/coinengineer.io\/?p=20309"},"modified":"2024-05-13T10:39:59","modified_gmt":"2024-05-13T10:39:59","slug":"north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant","status":"publish","type":"post","link":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/","title":{"rendered":"North Korean Hackers Target South Korean Crypto Firms with New &#8220;Durian&#8221; Malware Variant"},"content":{"rendered":"<p>Reports have emerged of a new cyber threat from North Korea: the state-sponsored hacking group <strong>Kimsuky<\/strong> has deployed a dangerous malware variant it calls <strong>\u201cDurian\u201d<\/strong> against <strong>South Korean<\/strong> cryptocurrency companies. Cybersecurity experts regard this as a major escalation in the ongoing cyber conflict between the two countries.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Unveiling_the_Threat\"><\/span>Unveiling the Threat<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In a recent threat report, the cybersecurity company <strong>Kaspersky<\/strong> revealed that Kimsuky deployed Durian in targeted attacks against at least two South Korean crypto companies. Kaspersky described the attack as \u201cpersistent,\u201d noting that the attackers exploited legitimate security software used by the South Korean crypto industry.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"The_Anatomy_of_Durian\"><\/span>The Anatomy of Durian<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Durian, previously undocumented and unnamed by security researchers, acts as a multi-stage installer that continuously deploys further malicious tools. These include the infamous <strong>\u201cAppleSeed\u201d<\/strong> backdoor, a custom proxy tool called LazyLoad, and even seemingly innocuous software such as Chrome Remote Desktop. Kaspersky described Durian as a fully featured backdoor capable of command execution, file download, and data exfiltration.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Lazarus_Linkage\"><\/span>Lazarus Linkage<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Notably, Kaspersky linked the Durian campaign to the notorious North Korean hacking team, the <a href=\"https:\/\/coinengineer.net\/blog\/lazarus-group-targets-defi-via-fake-fenbushi-capital-profile-on-linkedin-says-slowmist\/\">Lazarus Group<\/a>. Andariel, a Lazarus subgroup, had also used LazyLoad, a component of Durian. This overlap suggests cooperation or shared resources between Kimsuky and the Lazarus Group.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"The_Lazarus_Ledger\"><\/span>The Lazarus Ledger<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The Lazarus Group\u2019s association with crypto heists dates back to the group\u2019s emergence in 2009. Recently, blockchain investigator ZachXBT exposed the group\u2019s widespread money laundering operations, <strong>revealing a staggering $200 million laundered between 2020 and 2023.<\/strong> Lazarus is accused of over <strong>$3 billion<\/strong> in crypto theft over six years, with 17%, or approximately $309 million, attributed to its 2023 activities.<\/p>\n<p>Durian is a product of an evolving cyber battlefield and reflects North Korean threat actors\u2019 pursuit of financial gain. While the shadow of Lazarus still hangs over the crypto world, the resolve of South Korean organizations and the vigilance of cybersecurity specialists remain crucial to stopping such sophisticated attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Reports have emerged of a new cyber threat from North Korea: the state-sponsored hacking group Kimsuky has deployed a dangerous malware variant it calls \u201cDurian\u201d against South Korean cryptocurrency companies. Cybersecurity experts regard this as a major escalation in the ongoing cyber conflict between the two countries.<\/p>\n","protected":false},"author":6,"featured_media":19378,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[6048,5913,6049],"class_list":["post-20309","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto-news","tag-durian","tag-lazarus-group","tag-malware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>North Korean Hackers Target South Korean Crypto Firms with New &quot;Durian&quot; Malware Variant - Coin Engineer<\/title>\n<meta name=\"description\" content=\"North Korean hackers strike South Korean crypto firms with &quot;Durian&quot; malware, signaling a menacing escalation in cyber warfare. 
Learn how this new threat unfolds.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"North Korean Hackers Target South Korean Crypto Firms with New &quot;Durian&quot; Malware Variant - Coin Engineer\" \/>\n<meta property=\"og:description\" content=\"North Korean hackers strike South Korean crypto firms with &quot;Durian&quot; malware, signaling a menacing escalation in cyber warfare. Learn how this new threat unfolds.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/\" \/>\n<meta property=\"og:site_name\" content=\"Coin Engineer\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-13T13:30:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-13T10:39:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/05\/hacker.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1168\" \/>\n\t<meta property=\"og:image:height\" content=\"657\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/\",\"url\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/\",\"name\":\"North Korean Hackers Target South Korean Crypto Firms with New \\\"Durian\\\" Malware Variant - Coin Engineer\",\"isPartOf\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/05\/hacker.jpg\",\"datePublished\":\"2024-05-13T13:30:21+00:00\",\"dateModified\":\"2024-05-13T10:39:59+00:00\",\"author\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\"},\"description\":\"North Korean hackers strike South Korean crypto firms with \\\"Durian\\\" malware, signaling a menacing escalation in cyber warfare. 
Learn how this new threat unfolds.\",\"breadcrumb\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#primaryimage\",\"url\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/05\/hacker.jpg\",\"contentUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/05\/hacker.jpg\",\"width\":1168,\"height\":657},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/coinengineer.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"North Korean Hackers Target South Korean Crypto Firms with New &#8220;Durian&#8221; Malware Variant\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\",\"url\":\"https:\/\/coinengineer.net\/blog\/\",\"name\":\"Coin Engineer\",\"description\":\"Btc, Coins, Pre-Sale, DeFi, NFT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/coinengineer.net\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\",\"name\":\"Tanju 
Akb\u0131y\u0131k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"caption\":\"Tanju Akb\u0131y\u0131k\"},\"url\":\"https:\/\/coinengineer.net\/blog\/author\/cetanju\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"North Korean Hackers Target South Korean Crypto Firms with New \"Durian\" Malware Variant - Coin Engineer","description":"North Korean hackers strike South Korean crypto firms with \"Durian\" malware, signaling a menacing escalation in cyber warfare. Learn how this new threat unfolds.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/","og_locale":"en_US","og_type":"article","og_title":"North Korean Hackers Target South Korean Crypto Firms with New \"Durian\" Malware Variant - Coin Engineer","og_description":"North Korean hackers strike South Korean crypto firms with \"Durian\" malware, signaling a menacing escalation in cyber warfare. 
Learn how this new threat unfolds.","og_url":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/","og_site_name":"Coin Engineer","article_published_time":"2024-05-13T13:30:21+00:00","article_modified_time":"2024-05-13T10:39:59+00:00","og_image":[{"width":1168,"height":657,"url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/05\/hacker.jpg","type":"image\/jpeg"}],"author":"Tanju Akb\u0131y\u0131k","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tanju Akb\u0131y\u0131k","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/","url":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/","name":"North Korean Hackers Target South Korean Crypto Firms with New \"Durian\" Malware Variant - Coin Engineer","isPartOf":{"@id":"https:\/\/coinengineer.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#primaryimage"},"image":{"@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#primaryimage"},"thumbnailUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/05\/hacker.jpg","datePublished":"2024-05-13T13:30:21+00:00","dateModified":"2024-05-13T10:39:59+00:00","author":{"@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546"},"description":"North Korean hackers strike South Korean crypto firms with \"Durian\" malware, signaling a menacing escalation in cyber warfare. 
Learn how this new threat unfolds.","breadcrumb":{"@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#primaryimage","url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/05\/hacker.jpg","contentUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/05\/hacker.jpg","width":1168,"height":657},{"@type":"BreadcrumbList","@id":"https:\/\/coinengineer.net\/blog\/north-korean-hackers-target-south-korean-crypto-firms-with-new-durian-malware-variant\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/coinengineer.net\/blog\/"},{"@type":"ListItem","position":2,"name":"North Korean Hackers Target South Korean Crypto Firms with New &#8220;Durian&#8221; Malware Variant"}]},{"@type":"WebSite","@id":"https:\/\/coinengineer.net\/blog\/#website","url":"https:\/\/coinengineer.net\/blog\/","name":"Coin Engineer","description":"Btc, Coins, Pre-Sale, DeFi, NFT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/coinengineer.net\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546","name":"Tanju 
Akb\u0131y\u0131k","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","caption":"Tanju Akb\u0131y\u0131k"},"url":"https:\/\/coinengineer.net\/blog\/author\/cetanju\/"}]}},"_links":{"self":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/20309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/comments?post=20309"}],"version-history":[{"count":2,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/20309\/revisions"}],"predecessor-version":[{"id":20311,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/20309\/revisions\/20311"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media\/19378"}],"wp:attachment":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media?parent=20309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/categories?post=20309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/tags?post=20309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}