Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus
The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.
Coverage of reported Lazarus-linked intrusions, infrastructure, disruption efforts, and defensive guidance that helps explain cybersecurity risks.
Search across headline titles and summaries.
Background for this topic.
Lazarus is a name used by security researchers and public authorities for a suspected, loosely defined intrusion set associated with multiple malware and cyber-espionage operations. The label may cover related but not identical activity, and attribution can change as technical evidence is reassessed. Public reporting has connected the name to incidents involving credential theft, malicious software, theft of funds, and disruptive attacks; those reports should not automatically be treated as proof that every campaign sharing similar tooling has the same operator.
For defenders, coverage under this tag is most useful when it identifies the initial access path, affected software, infrastructure, and evidence supporting attribution. Practical priorities include phishing-resistant multifactor authentication for privileged and remote access, prompt remediation of exploited internet-facing systems, application allowlisting for sensitive environments, and monitoring for unusual authentication, scripting, and outbound connections. During a suspected intrusion, preserve endpoint, identity, email, and network logs before containment changes evidence, then scope for stolen credentials and persistence across connected systems.
The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.
Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country
The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds
The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. [...]
Lazarus and its cohorts are switching loaders and other code between RustBucket and KandyKorn macOS malware to fool victims and researchers.