Summary: An investigation by SecurityScorecard has uncovered a sophisticated command-and-control (C2) infrastructure used by North Korea’s Lazarus group to manage attacks on cryptocurrency entities. This hidden layer, dubbed “Phantom Circuit,” enables the group to maintain oversight over compromised systems and orchestrate extensive cyber operations while employing advanced operational security measures to evade detection. The campaign has resulted in numerous victims downloading malicious payloads, leading to potential cryptocurrency theft and corporate network infiltration.
Affected: Cryptocurrency entities and software developers worldwide
Key points:
- The Lazarus group employs a hidden administrative layer for centralized management of cyber-attacks.
- Victims are deceived into downloading payloads through fraudulent recruitment strategies on platforms like LinkedIn.
- SecurityScorecard identified sophisticated methods, including the use of VPNs, that Lazarus employs to evade attribution and conceal activity that links back to Pyongyang.