LAZARUS: The Rise of North Korean CyberCriminals

Captions
Today's video is brought to you by Raycon, the beautiful earbuds stuck in my ear that drown out my terrible neighbor from yelling at me every day. Ladies and gentlemen, I love to do blockchain analysis. If you've been following me lately, when I've been covering these recent videos regarding weird shady things in the cryptocurrency world, I sit down and I browse like hundreds of thousands of transactions. No, I wish I could tell you that I was exaggerating. So I use Raycons just so I can put on some good old-fashioned lo-fi tunes to drown out everything around me and keep me in an absolute zen-like state. Raycons also come with a bunch of gel tips as well too, so they really do stick in your ear, unlike some other brands, where again it helps to constantly drown out the nature around me. It also has a 32-hour battery life, so you know there's less time spending in the case and more time sitting editing without any fear of disconnections. They start at half the price of other premium audio brands, and I'm not an audiophile, but they sound just as good to me. And Raycons come with a 45-day happiness guarantee, so if you don't really like it, well, you can go and return it. So if you want to go give Raycon some chance, you can go to buyraycon.com/someordinarygamer and get 15% off your Raycon purchase.

Hello guys and gals, me Mutahar, and cyber warfare is today's topic, and I wanted to sit down and take a look at one group together with you, one called Lazarus. Now North Korea is an interesting topic for me. If you follow my channel at all, you know that I made numerous videos covering propaganda channels, video games even, and even looking at one of their operating systems known as Red Star OS. It's fascinating to hear even the tiniest tidbits to come out of a country so isolated. There's so much footage that you can watch that leaks out of North Korea, whether it's disseminated through a propaganda TikTok account, which exists, a few YouTubers allowed to publish from there, some of them even removed by YouTube, or the occasional documentary. You actually tend to develop a picture about it. What I'm most interested in is the growth of technology in North Korea. Throwing away whatever beliefs or reservations you have, North Korea has actually advanced relatively. They've had internet since, you know, the early 2000s; they've got access to an intranet which only a handful of people can use. If you don't know what an intranet is, it's basically an internal network that's running entirely within North Korea. Think of it kind of like the deep web, how we use the Tor system: Tor, in a way, is an internet that we all connect to through a browser and we browse various onion sites routed within it. Now, to understand this, the intranet they have is also heavily monitored, full of propaganda, and they had their first email service in 2001 from a local bank called Silibank. Now that's also probably monitored too, but hey, they even had chat rooms all the way back then where they discuss basketball and various sports. Hey, worldwide pandemic, social distancing, Zoom: I mean, that's what the rest of the world uses, but North Korea, they're all just built differently. They use something called Rakwon, which is their own version of teleconferencing. Smartphones? Get out of here. What are you using, Samsung? Using iPhones? Using a little bit of that HTC? Get out of here. The real brand is Arirang, which is actually a premier brand. The flagship stats are actually pretty interesting, I'm not gonna lie: it's got four gigs of memory, a 13-megapixel rear camera, no Facebook. Wait, that's actually a pretty good thing, dude, that's actually pretty based. All right, whatever. Clearly North Korea isn't in the [ __ ] stone age, which some people actually think they are. Okay, maybe they're a little bit, you know, turn-of-the-century Cold War, but they're getting better, they're getting there. They've got a ways to go, but given the economic sanctions that North Korea faces and the relative poverty of the nation, this is probably the best you're gonna get for now.

Now there's a movie that I was watching a couple weeks ago called Blackout. I'm really into found-footage movies. It's not that great of a film, but it actually details the loss of the power grid in the United Kingdom. So for the first few days in this movie everything goes relatively fine, I mean it's a loss of power, but as time presses on and forward they actually start rationing out resources, and so once they start spreading super thin, the society eventually starts to crumble, people turn on one another and things start going to [ __ ]. Now again, if you think about it, we just had the Colonial Pipeline hack. Now again, the parallel can be brought up, right? The moment that hack was brought into the forefront, there were law enforcement agencies that jumped to quickly fix up as much as they actually could. Now, at the end of the day things got basically fixed up, but in the current world of cyber warfare, you gotta understand there's three key big players: the United States, the Russian Federation and China. These three countries alone are some of the biggest superpowers on the entire planet. But beyond these three big countries are smaller but sizable players as well. This includes India, the United Kingdom, Iran, Israel, which basically is just the United States by proxy, and then you have North Korea, which again is just China by proxy. So again, going forward, North Korea is important in this case because it's a good understanding of how somebody can grow so fast within the cyber warfare industry. See, with conventional warfare it's expensive, and in many cases you actually end up completely losing your initial investment. For instance, the United States just pulled out of Afghanistan with over a trillion dollars down the hole; in the span of a few days, even a week, it all basically unraveled. I mean, the entire thing just completely crapped the bed. Of course that's not the same with the various defense contractors in the United States, whose stock prices basically skyrocketed to the moon, but hey, that's a different video, and the closest you'll get right now to me even commenting on that is my Metal Gear Solid 4 video. For now, WMDs are incredibly regulated unless you're willing to go bankrupt and sanctioned, which is kind of what North Korea has done in a way. That's also a route you don't want to go down on. But you know what is economical, and you know what is in the grasp of almost every nation out there? Cyber warfare. See, it's a lot cheaper to buy computer equipment, connect yourself to the internet and train a few engineers, and it's also beneficial when North Korea has a big ally, China in this case, where some of your agents can go and train, and then you can also train back home as well. It's not hard to train cyber warfare engineers. I mean really, it's a lot cheaper than, again, building WMDs or that conventional warfare route I mentioned earlier. See, what we've learned from Colonial Pipeline is that you can do a lot more damage to a country, a nation, by interrupting the most basic of supply lines and [ __ ] up the most basic of power grids than you would ever attempt to go toe-to-toe in a conventional way. See, North Korea can't go up against the United States, but North Korea can hack key segments of the United States and really, really cause some grief. See, if you add ransomware into the mix, which is now a lucrative business, basically, we're about to find out Lazarus Group is basically the cutting edge of this kind of cyber warfare. Now you might have heard of Lazarus Group under other names; some of them would be APT38, God's Apostles, God's Disciples, the Guardians of Peace (I know, it's kind of cringey), ZINC, WhoIs Team and Hidden Cobra. I mean, it kind of sounds like various [ __ ] prison gangs, but it is what it is. Now around 2009 was when these guys first showed up. They went far enough to be labeled an advanced persistent threat, which is typically a term that you're going to associate with nation-state
hackers, so people that have the backing of an actual nation. See, if you want to look at hackers in a very rough way, you've got the individual, you've got hacking gangs and cartels, but the scariest of them are actual nation states, because not only are these people very intelligent in the hacks that they perform, but they have the backing of entire nations, meaning that at any moment they can just hide behind the nation state and never really be, well, they can be indicted, but most of the time these people live in relative freedom, and they constantly keep attacking each other. Until, 10 years down the road from this video, actual sanctions and proper methods are put in place to prevent cyber attacking, this is going to keep going on. In fact, if you look at the map right here that I have playing to the right, it's not something that I have as a nice visualizer; this is something from Kaspersky Labs where basically they're showing a real-time assessment of all the cyber attacks that are going on in the world right now, and while this is based on general data sources, you can actually understand that right now there are multiple attacks going on centered around the United States to Russia to China. In fact, if I'm not mistaken, Russia right now is the most cyber-attacked country at this point in time. This is a war that's waging on while we're sleeping and playing our video games. It is some serious [ __ ] business.

Now earlier on, there was actually a 2021 indictment that ended up being released: "Three North Korean military hackers indicted in wide-ranging scheme to commit cyber attacks and financial crimes across the globe." So these indictments actually came from the WannaCry ransomware and then recent money schemes where they were siphoning cryptocurrency from banks, and were operating in North Korea and China. So the federal indictment unsealed today charges three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyber attacks to steal and extort more than 1.3 billion dollars' worth of money and cryptocurrency from financial institutions and companies. No small feat. Now here are the schemes that the US government is alleging. So some of them were cyber attacks on the entertainment industry, when Sony Pictures ended up being attacked because of the movie that they were making called The Interview, which depicted Kim Jong-un in a very negative light, but we'll get to a lot of these in a bit. They also had cyber-enabled heists from banks, numerously operating in Vietnam, Bangladesh, Taiwan, Mexico, Malta and Africa, by hacking the SWIFT message system that banks use to transfer money from country to country. Then they had ATM cash-out thefts, targeting of cryptocurrencies typically in South Korea, spear-phishing campaigns, which basically means they sent a bunch of targeted employees emails that could compromise them, and some of the targets in this case included defense contractors, energy companies, aerospace companies, technology companies, the US Department of State and the Department of Defense. If you [ __ ] with this last one right here, think of your life as effectively forfeit if they ever catch you. Now again, the people that they ended up getting in this case were money launderers that were even located in a city close to where I live, in Mississauga, Ontario. Now in this case the hacking indictment filed in the US District Court in Los Angeles alleges that Jon Chang Hyok, Kim Il and Park Jin Hyok were members of a unit of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic People's Republic of Korea, and were engaged in criminal hacking. These North Korean military hacking units are known by multiple names in the cyber security community, including Lazarus Group and APT38, so the names I mentioned earlier. So yeah, this is serious, serious business. In 2021 alone, this is an unsealed criminal complaint, which is serious. I mean, being indicted in something like this, like I said before, your life is effectively forfeit.

Now, to go back to the initial humble beginnings of such a group, we have to look at something called Operation Troy back in 2009. Now earlier on, some of the first forms of attacks were DDoS campaigns. For those of you who don't know DDoS, or denial-of-service attacks, I want you to think of it like this: every time you have your favorite streamer online and somebody gets their IP address, there is some person committing a federal crime by booting them off of their stream. Basically the general idea is sending enough traffic to that person's router or their server and basically getting them knocked off. I've had the same thing happen to me, with my IP being leaked once (static, by the way) through GTA Online. Somebody got my IP and they started booting me off the internet because they just had my IP, so I was booted off and I really couldn't avoid it unless I changed my internet service provider or I got myself a new modem. DDoSing is basically the same thing that they're doing here, except at a much larger scale. So Lazarus Group employed the use of a pretty large botnet: basically a large group of computers were infected and took commands from one central server. So I want you to imagine if you had a million computers infected, you could basically have a few servers send commands to each of those million systems. Now imagine if you had a million systems pinging one specific server; that's a lot of traffic, and that'll probably shut down anything large enough. Now of course in recent times we have plenty of mitigations, but this is back in 2009, okay? They could have done some serious damage, and they did. Now instead of a million computers in my example, the actual number was somewhere close to around twenty thousand and somewhere up to like one hundred and eighty thousand, one seventy thousand, and the way that this was assessed was basically at some point researchers got the logs of the command servers the hackers had used. Around 40 websites were targeted in this actual attack, and the attack happened over the course of three waves. The first one was on the 4th of July, Independence Day, where the White House website was attacked, the Pentagon, the New York Stock Exchange, NASDAQ, Amazon and the Washington Post newspaper. The next wave came just three days later, targeting South Korea once again, targeting their government websites like the National Intelligence Service, their intelligence agency, and the Blue House. Now security researchers later found out that European countries were somehow involved in assisting this attack, in some unwitting capacity, by deploying W32.Dozer, which was the malware that was used in the attack. For those of you who don't know what this is, W32.Dozer was a computer worm that came from the MyDoom family of worms, pretty popular back in the day. Now to explain what happened over here: to create a botnet used to DDoS these websites and servers, the worm was spread via email attachment. Now throughout a lot of virus investigations that I've done, I've looked at plenty of malware that effectively spreads through email services, and you would be surprised how many people actually still fall for this. It's effective because it uses social engineering and the gullibility of the average user to spread. See, if you get a work email, all right, that doesn't look too fishy and you don't look too into it because you're working and you're probably already burned out, sometimes they come with work attachments, work-disguised attachments; you open it up and lo and behold, you have been infected. Now this worm, in this instance, consorts with a command server, and at the same time it can also use your email client and your contact directory and spread the malware to all the addresses you have saved yourself. See, this is how you go quickly from having zero systems infected to, in a very short amount of time, fifty thousand infected systems and then a hundred thousand infected systems. That's how these worms work, and that's why they are so effective if left unchecked. Now to understand the importance of it: when government sites are attacked like this, you need to identify a breach and then further identify if anything gets stolen, and in this case thankfully nothing had happened. See, what was interesting in the W32.Dozer worm is that it was designed to wipe the master boot record and ultimately make it so that the computers couldn't boot. Now think of it like the CIH malware we once covered on Virus Investigations; now instead of wiping motherboards, which I guess at the time of this malware attack wouldn't even have worked, what they would do in this case was, after they had done everything, make you go through that very hellish task of reinstalling Windows. I mean, these bastards were playing serious games. So then two days later, on the third and final wave, websites in South Korea and its various banks were targeted, and the US State Department confirmed that even their site was going through attacks at the time, not a high enough volume, but enough to actually just keep an eye on it, right? And at this point federal operators started to mitigate the final wave of these attacks. So listen, at the end of the day it even turned out that the majority of the code that was reused in this malware attack was from MyDoom, years ago before Operation Troy. I want you to think of this as sort of a starting point for what Lazarus would become much more later on, okay? No one at the time knew that this attack was North Korean in origin until South Korean cops analyzed the infected computers in that botnet and uncovered evidence of "pro-North Korean elements," I guess is what they said at the time. See, South Korean intelligence services tracked the IP address that was linked to the North Korean Ministry of Post and Telecommunications. Again, a lot of this is
alleged, but this is one of those attacks that, because of the size of the botnet, is also a bit hard to pin down. There are so many origin points that people can say it's North Korea, China or even as far as the European Union.

Now four years later, in 2013, South Korea faced a series of cyber attacks that will forever be dubbed as the Ten Days of Rain. So basically this involved an incident regarding South Korean television stations starting to notice frozen terminals around their, you know, bases, and financial institutions, like in this case Shinhan Bank, reported actually having mobile payments [ __ ] with and ATM systems in the country screwed around with. See, this happened during slightly elevated tensions between both the Koreas, because at this point Pyongyang was actually testing nuclear, you know, weapons at the time. Now South Korean intelligence noticed that the attacking IPs in this case were of Chinese origin. Now to understand, this doesn't mean that an attack is necessarily Chinese-oriented, okay? See, anybody can route internet traffic through any source. Imagine a VPN, right? You probably use one right now; some of you might be using one to watch this video, or you might be browsing the sea of pirates with a VPN. I'm just saying, I'm not judging, I'm just putting it out there, okay? One of y'all is probably doing it, law-of-numbers-wise. So just because you say, in this case, that you set your VPN to like Australia, for instance, you are not actually in Australia. But see, to the person that's being hacked or being communicated with by your system, all they can see is, hey, there's somebody from a land down under talking to me, which is effectively what we had over here. So Chinese IPs aren't a dead giveaway, but why it becomes a big focus is that usually North Koreans, to hide their attacks, will typically go behind Chinese IPs. See, once you have a Chinese IP involved in it, going beyond that usually is a very difficult thing to do, and that's how North Koreans mask their cyber attacks. One of their biggest and only allies is China, and there's no doubt in my mind that China is complicit in some capacity with North Korean cyber attacks. Again, that's my opinion. Now the attack led to damaging six organizations pretty heavily, and instead of what people thought were just DDoS attacks and hard drive overwrites, it was later actually discovered that 32,000 computers and servers of financial and media organizations typically were damaged. So we're talking Shinhan Bank, Jeju Bank, NongHyup (I hope I'm pronouncing a lot of that right) reporting network paralysis and [ __ ] outages; media services like Korean Broadcasting System and YTN were also hit with system shutdowns. Listen, like, as far as motives go during tensions like this, the attack seemed to constantly point, circumstantially at least, to the North, and if causing damage was the concern then they actually got it, because we're talking about somewhere to the tune of 750 million dollars in damages total. Now turn that back to the Chinese IP and it's most likely that North Korean agents were probably involved in this, but we'll actually get to the whole truth section in a little bit. See, a month later in June, another attack involved an information leak where a hacker actually admitted to leaking hundreds of thousands of soldiers' information, Saenuri Party members, and operators in the US Forces Korea section, okay, 35,000 operators in that joint task command. Now on the morning of the 25th in July of that year, the Cheong Wa Dae website and various web pages of the government were actually defaced, okay? So basically this is when a hacker will often change a web page through malware, various injections, or just gaining access to a compromised web server where the page is even hosted. So they started including phrases like "All hail the unified chairman Kim Jong-un. Until our demands are met, our attacks will continue. Greet us, we are Anonymous." They weren't Anonymous, I mean, not with those declarations. We all know where these attacks were coming from, god damn. Later, South Korean intelligence agencies found out that one specific IP was matched to a previous hacking attempt that originated from, guess what, Pyongyang, and if that wasn't enough, the pattern of hacking actually resembled the prior North Korean cyber attacks that occurred. Now this is going to be a real thing, all right, we'll get to it later: the actual resemblance of all of these attacks. This is how we're able to identify that North Korea is typically behind a lot of it. Now compared to the last incident, where we had simple DDoS attacks, this one was obviously a bit more severe and expensive. So at this point North Korea has basically proven that they're the new up-and-coming player in the cyber warfare community, and an actual task force internationally had started to form just to counter these people. Now at this point we're not referring to these guys as Lazarus; Lazarus is the name you'll see later on in their career. At this time the persona they were using was WhoIs Team. Of course these names constantly change, but you know, because these are cyber terrorist groups, okay, they constantly have to shift their names around, right? The more notoriety they get, the harder it is to kind of, you know, deny their involvement and to hide them when it comes to more lucrative attacks. Again, when we go down further into this rabbit hole, these attacks only become more and more severe.

Now in 2014 was the infamous Sony Pictures attack. Now this attack put Lazarus basically on the map. Back in 2014, Sony Pictures announced a movie called The Interview. Now it's a comedy movie about an assassination plot regarding Kim Jong-un. Now the movie wasn't really anything special, it's just a James Franco, Seth Rogen comedy movie, so I mean you gotta expect a lot of dick jokes and bong rips, and honestly there's nothing wrong with that, I mean it's funny as [ __ ] when an edible kicks in. But the movie wasn't just about comedy, I mean they were actually pretty critical of North Korea, specifically in terms of how the Kim dynasty lives lavishly while the country starves. I mean seriously, look at the amount of Hennessy they import into that country; the elite live good. Now during the time, Lazarus kept calling themselves the Guardians of Peace, okay, during this hack, which is a real cringe name, and in this hack they leaked the confidential information of employees in Sony Pictures' division, plans for their upcoming movies and even some copies of unreleased things as well. Now the way that the Sony Pictures hack worked in this case was through a malware variant which would be known as Shamoon, okay, so this is also known as W32.Disttrack, okay? It's not that meme. Basically it was an attack that targeted the 32-bit NT Windows kernel, where basically it infects the system, catalogs the important files, uploads them back to the attacking server and then erases the files, and then once all that is done it then corrupts the boot record of the system, which, as you can guess, renders it unbootable. So again, the same malware was actually used to attack Saudi Aramco, which at the time of this attack was the biggest company on the planet; I think Apple was just about to beat them in market valuation, but Saudi Aramco, at the time, that was the largest cyber attack in history. Again, it would be a hot minute before like SolarWinds became the topic of discussion, but yeah, back then this malware strain was used in other various attacks. So basically the attackers didn't want that movie to be released, and at the time they even had like terror attacks that they were threatening against actual theaters, and at this point the FBI started to get involved, because I mean at this point, when you have like real-world attack threats, they don't [ __ ] around; the US government will make sure that doesn't happen. Now the Guardians of Peace sent two threats, okay, one to the Sony executives telling them, listen, as long as you don't release this movie, they don't have to attack any further, and then they uploaded something to a code-sharing site called Pastebin where they posted, and I quote, "You have suffered through enough threats. We lift the ban. The Interview may release." Now again, on the stipulation that Kim Jong-un's death scene wasn't too happy. You know, they had Katy Perry, I think, playing in the background of that scene, and the actor for Kim Jong-un, yeah, he [ __ ] incinerated on camera. By the way, they tripled down, god bless, on that one, good [ __ ]. Now even President Obama at the time criticized Sony Pictures for basically being intimidated by the North Koreans. I mean, honestly, that's kind of a dickish thing to say, because what do you do as a company when you've been this cyber-[ __ ] by another country, and at this point, like, it's easy for President Obama to go out and say, listen, you know, don't be scared bro, you just got goatse'd, all right? At this point it's reasonable to be scared. So an interesting point to understand is The Interview did pretty well financially because of the Streisand effect that was caused by the North Korean actors basically putting a big spotlight on the movie itself. I mean, at this point people wanted to watch the movie not because of the fact that it was about Kim Jong-un but because North Korean hackers got so ass-mad that they decided to do all this [ __ ]. Now later on they did a technical analysis of the malware that was used and they found out that it was linked to previously known North Korean-developed malware that the FBI had found prior. Now the FBI also found overlap in the infrastructure that they were using for the attack: they found several IP addresses that were linked to North Korean systems that were actually hard-coded into the malware that was used; the IPs were linked to North Korean businesses operating in Shenyang, northeast China. See, the malware and toolkit used in this attack also had a stark amount of similarities to the 2013 cyber
attacks in South Korea. Again, you'll see that a lot of the ways that Lazarus gets linked is that they have a certain MO, and once you're able to identify that MO constantly, it's very easy to identify that this is the same cyber group doing the same cyber shenanigans in the same part of the world. Now some of the IP addresses that were found were because of really shoddy VPN and proxy usage; I mean, the FBI found out that they were literally originating in North Korea. The Guardians of Peace themselves weren't exactly the sharpest tools in the shed. Now to understand, this is pretty damning, because North Korea has really tightly controlled access. It's not like us on our side of the world where everyone can access the greater internet; in North Korea only the elite and government-approved can access the outer internet, because for North Koreans they have their own intranet, their own internal internet, all right, that they only access, which again is also highly monitored. Now at the same time, in this case, even the NSA at the time helped corroborate this attack, because they even found similarities in their own intrusion into North Korea themselves. So again, these MOs are dead giveaways that Lazarus is behind it. Now North Korea's state-sponsored news agency also denied that the government was ever involved, but here's the funniest thing about it, okay: they did say, while they weren't involved, that the hacking into Sony Pictures "might be a righteous deed of these supporters and sympathizers with the DPRK in response to its appeal." Yeah, it wasn't us, but it must have been those heroic hackers that are fighting for the honor of the North Korean government. God damn, it's like, listen, I get you want to deny it, everyone wants to deny a cyber attack, but these guys have to self-fellate just a little bit in front of the world. It's hilarious. Now anyways, this actually ended up becoming so political that it even heightened sanctions against North Korea by executive order from Barack Obama because of how high-profile the hack was.

Now guys and gals, if you thought the Sony hack was big enough, you thought that was them peaking, we got bank heists. I [ __ ] you not. In February 2016 you had 35 transactions that were sent from accounts that were held by the central bank of Bangladesh to the Federal Reserve of the United States, okay, the Federal Reserve in New York. So they basically used the SWIFT system, and they attempted 35 transactions; in reality only five of these went through, which succeeded in basically transferring about a hundred million dollars: 20 million which were sent to Sri Lanka and 81 million that went to the Philippines. Now, in good news, the 20 million that was sent to Sri Lanka was actually recovered, but 63 million was ultimately siphoned away, okay, I think it was like 58 million that was siphoned away, but effectively there was money in the Philippines that was effectively gone, all right? It was actually such a massive hack that it almost caused the Philippines to be reinstated in the Financial Action Task Force for money laundering, okay; they were about to be blacklisted once again. Now this is from CISA, which is the Cybersecurity and Infrastructure Security Agency: the joint advisory is a result of an analytic effort among the cyber security division, okay, and the FBI and US Cyber Command, all right? So basically they started to look at BeagleBoyz, right, an element of the North Korean government's RGB, okay, have likely been active since at least 2014. As opposed to typical cyber crime, the group likely conducts well-planned, disciplined and methodical cyber operations more akin to careful espionage activities. So they're pretty serious: they've netted hundreds of millions of US dollars and are likely a major source of funding for the North Korean regime. They have value, all right, they have some real value. Now they've been identified as APT38 by FireEye, Bluenoroff by Kaspersky and Lazarus Group by ESTsecurity, and then also as Stardust Chollima. Now it's also known that these are just names of various factions that Lazarus runs, but here they've got targeted nations, so anything below the equator is basically free game for these individuals: so Africa, chunks of India, chunks of Southeast Asia, and then you've got South America basically taken. They've got an anatomy of how their cyber attacks work, okay? So basically they send a spear-phishing attack to the victim institution, right, where they basically try to go to the payment switch application server and then the SWIFT terminal. They then use this to attack the SWIFT network and make pretty much fraudulent transactions; at the same time they use the actual credentials to go to the payments network, they attack ATMs, attack cards, and effectively at the end of the day the attacker reaches the end and siphons cash and sends it back to the good old North Korean boys back home. Now for those who don't know what SWIFT is, it's the banking protocol for cross-nation transit; it's known as the Society for Worldwide Interbank Financial Telecommunication. It's basically a fancy messaging network used by banks to send money transfer instructions rapidly and securely. If you've basically transferred any money across countries in a wire transfer, you probably at some point asked for the SWIFT code for the bank that you're sending money to; without that SWIFT code, sending money over borders isn't exactly as easy, okay, most banks require it. So Bangladesh's central bank was targeted because it had a higher amount of weaknesses to exploit; the weaknesses were basically human beings that you could exploit via social engineering. Now in fact it's believed that a few of the people working at the bank were actually complicit in the attack itself. Now see, what happened here was the attackers in this case were trying to siphon out almost 1 billion dollars in Bangladesh's bank account with the Federal Reserve Bank in New York, and during the time when the bank was actually closed, hackers compromised the network and started to use the SWIFT terminal to send requests with compromised credentials. These credentials, as you can imagine, were obtained using, guess what, email attacks. So basically they used a malware known as Dridex, which is something that typically uses macros in Microsoft Word. I made an interesting video regarding COVID-19 malware that came out where they were effectively using these documents and macros hidden within to attack users and steal their credentials and data. Again, you'd be surprised at how effective these email attacks really are. Now the 20 million that went to Sri Lanka was supposed to go to the Shalika Foundation; however, because the attacker misspelled "foundation," I [ __ ] you not, they caused Deutsche Bank at the time to halt the routed cash and make sure with the Bangladesh bank that this was actually a normal, authorized transaction. So yes, one misspelling of the word "foundation," I think they called it "fundation," caused them to miss out on 20 million dollars in a payday. I mean, that has got to be the biggest slap in the face at that point, and that dude must have gotten a [ __ ] beating back home in North Korea for that [ __ ]-up. Now the money that did go to the Philippines in this case was then sent to five accounts in the Rizal Commercial Banking Corporation. The funds were then converted into Philippine pesos and then consolidated into one central account. Eventually that money was transferred, and before the Bangladesh bank could end up sending out a SWIFT message to the RCBC banking group, a withdrawal of 58 million dollars had already happened. Now that's a lot to take in. So while these two banks are fighting it out in court and fines are being levied out, the FBI put North Korea into their crosshairs. See, US prosecutors started suspecting that the heist originated in the government of North Korea, and even some Chinese nationals ended up allegedly facilitating some of the withdrawn funds in the Philippines. Now
security firms at this point actually reference lazarus by maim as being the most probable perpetrators of the heist see how they figured it out was again through the similarities in the various hackings that they had once done and at this point lazarus has a lot of examples to look back at to understand first it was ddosing then shutting down infrastructure then attacking a major film studio and now if this is tied to the north korean government they would be the first nation to participate in a bank robbery over the internet and again if this is proven that would mean north korea again it's the first country to [ __ ] rob a bank so now we move on to 2017 which is the wannacry attack now this is something we're a bit familiar with on this channel i've covered this whole thing in its own virus investigations if you want to know more about that go check that video out but the gist of this was that over a period of four days a ransomware malware was sent to windows systems using a leaked nsa exploit known as eternal blue to hijack systems and charge fees ranging in the hundreds of dollars now it's again believed lazarus is behind it because the attack originated at pyongyang and it had similar symptomology to the previous hacks now in the end the united states indicted park jinhyuk if you remember that name from before it's the name we saw earlier in the indictment because they alleged he was working as an expert in the north korean reconnaissance general bureau the rgb i think a lot of blame in this case though could also be placed on the nsa for knowingly not basically disclosing this exploit eternal blue at the time had they have done it i think a lot of the stuff could have been mitigated but then again the nsa does what the nsa does all right there's really nothing you can say against them all right i mean sam fisher works for the [ __ ] nsa okay i don't [ __ ] with sam fisher therefore i don't [ __ ] with the nsa now in 2017 to 2019 cryptocurrency and bank 
thefts were occurring routinely at this point money becomes the real focus of lazarus because in 2018 it's reported that lazarus was attacking users in south korea mostly college students who are delving into the bitcoin and monero world two popular cryptocurrencies now as you can imagine what ties this back to lazarus is again the similarity in the attacks you might be wondering mudo why don't they just change their modus operandi you could ask that to a million people honestly i mean it's just their style and if it works it works [ __ ] if it's noticeable i mean if you have the backing of an entire nation why would you even decide to change now by abusing flaws in the popular office software hangul they actually used sphere phishing attacks so email attacks specifically targeting students they stole their credentials and siphoned money through crypto and they actually learned something really cool cryptocurrency is a nice way to launder money hell it turns out it's a great way to get around the sanctions that north korea is being put under so over the course of the year they started stealing millions from various exchanges you might have even heard of nicehash a cloud you know mining company they had 4 000 bitcoins over 4 000 stolen from them and actually it was later even confirmed lazarus was linked to a bunch of these thefts now imagine at this point they've discovered the value of cryptocurrency the scale of how much they're robbing at this point is enough to put some exchanges into [ __ ] bankruptcy even in 2019 they started to emerge in the eyes of the us government when they put a red alert out with something called the electric fish malware so to understand what the electric fish malware is we're going to read another sisa group okay so to understand this malware attempts to establish tcp sessions with the source ip address and the destination ip address if a connection is made to both the source and destination the malicious utility will implement a 
custom protocol which will allow traffic to rapidly and efficiently be tunneled between two machines if necessary the malware can authenticate with the proxy to be able to reach the destination ip address after the malware authenticates with the proxy it will immediately attempt to establish a session located outside of the target's network and the source ip address so basically electric fish is trying to connect to certain devices and maintain a tunnel of data between them long story short this malware was used for high profile robberies regarding financial institutions and atms throughout the course of 2019. now in 2020 the pharmaceutical attacks started to happen during the height of the covet 19 pandemics and lockdowns last year lazarus was operating effectively targeting the pharmaceutical companies around that were developing the vaccine for covet 19 at the time now once again they use tried and true sphere phishing email attacks except they tried to be health workers they sent malicious files links emails to actual employees at all of these organizations now why would lazarus attack big pharma right for one if they obtained vaccine information which at the time would have been very lucrative if they could sell it to the right bidder so yeah that's basically the story of how a group that started over a decade ago has now become a superpower in nation-state hacking cyber warfare around the world now imagine starting off as a group of people running ddos attacks on government sites initially basically being laughed at to siphoning millions of dollars in cryptocurrencies and causing billions in damages look their methods aren't exactly the most interesting i'll admit but the reason they work so well is that people constantly fall for them look mo if most if not all of their attacks involved compromising emails and using human social engineering and even then with such a rote tool kit they're able to do so goddamn much and that's most likely has to do with the 
fact that it appears to again have nation state backing groups like lazarus don't actually come too often with a rap sheet like theirs they've earned the highest plays at the crypto they're at the at the cyber warfare you know table now while they've made a name for themselves it's really only a matter of time before they actually get caught slipping real hard and there's no doubt in my mind when given the chance any international law enforcement group will seek their capture and this time the the time these people will do in prison is [ __ ] astronomical it's only a matter of time before these guys get really greedy and start attacking countries like china or russia which are typically north korean allies and at some point big brother is going to have to come down slap you in the head and tell you to hand over some of these [ __ ] now the point of this video isn't to glorify lazarus okay they really don't deserve glory in all reality they're not the greatest hackers in the world they just have a big rap sheet really it's to advise you individuals that groups like this exist and they become the new face of international warfare on a battlefield where all of us are in the crosshairs you me and every big corporation that funnels mass data sometimes our data is now under attack and it's why we need to be so careful with what we do with our data because listen we can trust the companies that we operate with okay in some capacity you probably watch this video and trust google you probably trust microsoft although it takes one vulnerability one [ __ ] up in those companies to allow these [ __ ] to run off with your information that can be used to identify you to profile you and potentially end up cheating you that said though ladies and gentlemen this is me mudahar and i'm signing off today we learned about the lazarus north korean cyber attack group that basically made international headlines and still do to this day will they ever be stopped that's a story i'm looking 
forward to and when that happens boy oh boy am i going to be the first person to be smiling and talking about it and shooting off fireworks this is me moonheart if you like what you saw please like comment and subscribe just like if you dislike it i am out
Info
Channel: SomeOrdinaryGamers
Views: 272,759
Rating: 4.9615793 out of 5
Keywords: someordinarygamers, lazarus group, lazarus, north korea, cyberattacks, malware, computer viruses, windows, rise, of, computer, hackers
Id: 18IbbNL7kAE
Length: 41min 24sec (2484 seconds)
Published: Sat Aug 21 2021