Lazarus Group Exploits WinRAR Vulnerability for Massive Cryptocurrency Theft
Cybercriminals linked to North Korea stole cryptocurrency worth at least €2.02 billion in 2025. The Lazarus Group, a notorious hacking collective, exploited a flaw in WinRAR to carry out many of these attacks. Security firms now warn of rising threats as the group refines its tactics.
The Lazarus Group targeted high-value organisations throughout 2025. Centralised exchanges, venture capital firms, and Web3 platforms faced repeated attacks. The group's methods combined social engineering, supply-chain breaches, and exploits in widely used software.
A critical vulnerability in WinRAR became a key tool for the group. Attackers distributed malicious RAR archives containing Blank Grabber malware. The malware stole cryptocurrency wallet seeds, Discord tokens, and browser credentials.
Blockchain analysis by Chainalysis traced €2.02 billion in thefts to North Korea-linked hackers. The figure marks a 51% increase from the previous year. Security experts attribute the surge to the group’s growing adaptability and persistence.
Experts now recommend urgent protective measures. Updating WinRAR, deploying endpoint detection systems, and enforcing strict identity checks on social media could reduce risks. Financial and Web3 sectors remain prime targets for future attacks.