North Korean Hackers Kimsuky Deployed Malware Targeting Crypto Firms: Kaspersky
Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.
- Stablecoin Inflows Have Doubled to $98B Amid Selling Pressure – Report
- Bitcoin Miner MARA Moves 1,318 BTC in 10 Hours, Traders Wary of Forced Miner Selling
- Bitwise Files S-1 With SEC to Launch Uniswap-Focused ETF, UNI Token Slumps 16%
- Bhutan Quietly Sells Over $22M in Bitcoin, Triggers Speculation Over Possible Sell-Offs
- Crypto Firms Propose Concessions to Banks as Stablecoin Disputes Stall Key Crypto Bill – Report

North Korea’s notorious Kimsuky hacking group, also known as APT43, has been reportedly launching cyberattacks on two South Korean crypto firms using a previously undocumented Golang-based malware named – Durian.
Per findings from cybersecurity solutions giant Kaspersky, Durian is characterized by its “comprehensive backdoor functionality.” This feature enables the execution of delivered commands, additional file downloads and exfiltration of files.
The attacks reportedly took place between August and November 2023, involving a South Korean software exploit to gain initial access.
“Based on our telemetry, we pinpointed two victims within the South Korean cryptocurrency sector. The first compromise occurred in August 2023, followed by a second in November 2023.”
Once the malware is established and operational on the victim’s systems, Durian deployed additional tools, including Kimsuky’s backdoor AppleSeed, and a custom proxy tool named LazyLoad.
Interestingly, LazyLoad tool links to Andariel, a sub-group within the notorious Lazarus. This also raises the suspicion of shared tactics among both North Korean threat groups, the Hacker News reported.
Per reports, Kimsuky started at least 2012 and is under the North Korea’s Reconnaissance General Bureau (RGB), the country’s military intelligence agency.
Kimsuky’s Mail Mafia
Kimsuky group is well-known to have conducted various phishing attacks via email to steal cryptos.
In December 2023, the treat group disguised as South Korean government agency reps and journalists to steal cryptocurrencies. A total of 1,468 people fell victim to the crypto hackers between March and October 2023, according to police reports.
Some of the victims also included retired government officials from diplomacy, military and national security. The perpetrators reportedly sent legit-looking phishing mails to execute the dubious act.
The state-backed hacking group had previously targeted Russian aerospace defense companies “taking advantage of the coronavirus pandemic.”
According to Kommersant report, RT-Inform, the IT security arm of the Russian state-owned tech agency Rostec, noted that there has been an increase in the number of cyberattacks on the IT network during pandemic from April to September 2020. However, it neither denied nor confirmed the Kimsuky attack reports.
- Mark Zuckerberg’s Meta AI Predicts Unbelievable Bitcoin Price by the End of 2026
- Google Gemini AI Predicts Crazy Solana Price by the End of 2026
- XRP Price Prediction: MVRV Data Points Bullish
- Leading Claude AI Fable 5 Predicts Stunning XRP Price by The End of 2026
- Elon Musk Grok AI Predicts Incredible XRP Price and Bitcoin Price by End of 2026
About Us
2M+
250+
8
70
Market Overview
- 7d
- 1m
- 1y
- Mark Zuckerberg’s Meta AI Predicts Unbelievable Bitcoin Price by the End of 2026
- Google Gemini AI Predicts Crazy Solana Price by the End of 2026
- XRP Price Prediction: MVRV Data Points Bullish
- Leading Claude AI Fable 5 Predicts Stunning XRP Price by The End of 2026
- Elon Musk Grok AI Predicts Incredible XRP Price and Bitcoin Price by End of 2026
More Articles
Get dialed in every Tuesday & Friday with quick updates on the world of crypto