Analysts find connection between North Korean military and crimeware organization TrickBot
Analysts at SentinelLabs claim to have found some of the first evidence that links the crimeware organization TrickBot and Lazarus Group. Lazarus Group is the cyberwarfare division of the North Korean military’s Reconnaissance General Bureau. TrickBot debuted as banking malware in the fall of 2016 and has since evolved into an example of the flourishing cybercrime service movement. Vitali Kremez, the lead cybersecurity researcher at SentinelLabs, claims that evidence linking TrickBot to advanced persistent threat malware like Lazarus indicates a shift in the cybercrime world.
In a recent report, SentinelLabs explains the sophistication and capabilities of both Lazarus Group and TrickBot and details the newly uncovered links between the two. SentinelLabs claims that TrickBot, which initially focused its energy on attacking Australian banks, was able to spread its work by subletting its tools to other groups performing different kinds of hacks using a combination of other malware such as Emotet, IcedID, and Gozi ISFB v2.