California-based cybersecurity firm SentinelOne released new research on Tuesday alleging Pyongyang’s Lazarus Group has been working in tandem with the makers of the TrickBot malware to achieve a “qualitatively new level of a cybercrime enterprise, which was never seen before in magnitude and complexity.”
“For me it’s the biggest crimeware story since I don’t-know-when,” SentinelOne researcher and co-author of the report Vitali Kremez told Reuters. “The Lazarus Group has a relationship with the most sophisticated, most resourceful Russian botnet operation on the landscape.”
According to the report, Lazarus Group, which has been accused of “malicious cyber activity” and subjected to sanctions by the US, lent its toolkit to the TrickBot “Anchor” project. The cybersecurity firm arrived at this conclusion after investigating the TrickBot Anchor server and identifying the presence of “PowerRatankba,” a tool previously identified in hacks attributed to the North Korea-based hacking group.
Earlier this year, PowerRatankba was identified as the malware strain responsible for the attack on the computer network of Chilean interbank connection company Redbanc.
“That’s the strongest possible evidence linking to a celebrated case of Lazarus intrusion,” Kremez told Reuters.
This is not the first time TrickBot and Lazarus Group have been linked. Back in July, Japanese telecommunications company NTT suggested the two may have collaborated on some level in the development of PowerBrace, a tool that provides backdoor access to PowerShell, Microsoft’s open-source operating system management framework.