
TronWeekly

Crypto World News


Lazarus Group

DeBridge Finance Hacker Lazarus Used Email Spoofing

August 7, 2022 by Lipika Deka

DeBridge Finance Co-founder Alex Smirnov revealed that the notorious North Korean Lazarus Group was behind the attempted cyberattack on the liquidity transfer protocol.

DeBridge offers a cross-chain interoperability and liquidity protocol for transferring data and assets between blockchains.

Smirnov, who also works as project lead, said that the attack came through a spoofed email impersonating him. Several DeBridge staff received the email, which contained a PDF file named “New Salary Adjustments.”

Although many team members immediately flagged the suspicious email, one of them unfortunately downloaded and opened the file, leading to the breach of the firm’s internal systems.

This initiated an investigation into the attack’s origin, how the hackers planned the attack to work, and any potential consequences.

“Fast analysis showed that received code collects A LOT of information about the PC and exports it to [the attacker’s command center]: username, OS info, CPU info, network adapters, and running processes,” Smirnov said.

Email spoofing is a type of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.

DeBridge owner says “We have strict internal security policies”

“We have strict internal security policies and continuously work on improving them as well as educating the team about possible attack vectors,” Smirnov wrote.

The DeBridge founder cautioned his followers never to open email attachments without checking the sender’s full email address, and to have an internal protocol for sharing attachments.

The Lazarus Group has earned notoriety for several high-profile crypto hacks, such as the $622 million Axie Infinity Ronin Ethereum sidechain hack in March and the Harmony Horizon Bridge hack in June.

Recently, according to security analysts, North Korean hackers have been accused of infiltrating job sites like LinkedIn and Indeed and stealing key information from real profiles to build plagiarized resumes and land jobs at U.S. cryptocurrency firms.

These fraudsters were attempting to secure employment at these firms as part of a larger goal to raise funds for North Korean leader Kim Jong Un’s regime.

Experts also disclosed that North Korea’s government could use information collected from crypto firms to study future cryptocurrency trends.

This information would then help Pyongyang launder cryptocurrencies to circumvent Western sanctions.

Earlier in 2021, the U.S. government issued a warning that North Korean citizens were posing as citizens of other countries and attempting to secure work in international IT sectors.

“[North Korea] dispatches thousands of highly skilled IT workers around the world to generate revenue that contributes to its weapons of mass destruction and ballistic missile programs, in violation of U.S. and U.N. sanctions,” the advisory said.


North Korean Hacker Group Lazarus Behind Ronin Bridge Hack

April 15, 2022 by Vignesh Karunanidhi

According to the US Treasury and blockchain analytics firm Chainalysis, North Korea’s Lazarus hacker cell is tied to the crypto industry’s largest-ever attack.

The US Treasury and FBI have been collaborating to figure out who was behind the Ronin bridge hack in late March, which resulted in the theft of more than $615 million in bitcoin.

After an investigation, the FBI revealed that the crime was carried out by the Lazarus Group and APT38 hacking groups. According to Bloomberg, the agency noted that these crimes provide valuable cash for the North Korean leadership.

Lazarus – the largest hacking group

The attackers employed the Tornado Cash Ethereum transaction anonymizing service to conceal their traces, transferring as much as 28,000 ETH via the mixer.

In 2014, the Lazarus Group made headlines when it was accused of hacking Sony Pictures Entertainment. The intrusion was retaliation for the release of “The Interview,” a satirical film mocking North Korean leader Kim Jong Un.

According to the blockchain analytics firm Chainalysis in a Twitter thread, the US Department of Treasury’s Office of Foreign Assets Control amended its Specially Designated Nationals and Blocked Persons List with an Ethereum address ascribed to the Lazarus Gang, a North Korean cybercrime group.

The address 0x098B716B8Aaf21512996dC57EB0615e2383E2f96 has also been linked to the hack. This proves that the gang was behind the Ronin Bridge breach on March 23, which resulted in the theft of 173,600 Ethereum and 25.5 million USDC.

Chainalysis underlined the importance of understanding how North Korean actors use crypto for criminal purposes. Furthermore, the blockchain security firm warned of the necessity for enhanced security on decentralized banking protocols.

THREAD: Updates to OFAC’s SDN designation for Lazarus Group confirm that the North Korean cybercriminal group was behind the March hack of Ronin Bridge, in which over $600 million worth of ETH and USDC was stolen.

— Chainalysis (@chainalysis) April 14, 2022

The company finished by stating that its products have been updated to reflect the Lazarus Group’s ETH address in the Sanctions category.

Sky Mavis built the Ronin Network as a sidechain for Axie Infinity, the most popular play-to-earn blockchain game.

The Ronin Bridge was hacked on March 23, but it took the Ronin team six days to find the vulnerability, worth over half a billion dollars.

Following the hack, the Ronin team stated that it was collaborating with numerous federal agencies as well as Chainalysis to figure out who was behind the assault.


Report: North Korea Hacking Group Targeting Government COVID-19 Stimulus Checks

June 20, 2020 by Arnold Kirimi

The well-known North Korean hacking group Lazarus Group is preparing to launch a massive cyberattack this weekend. According to a report by the Internet security company Cyfirma, the attack by the infamous North Korean hacking group will take place after the government distributes the COVID-19 stimulus checks.

The notorious hacking syndicate may target Americans who receive government stimulus checks, as well as recipients of stimulus checks worldwide. According to the report, the group has planned a phishing strategy targeting some 5 million specific individuals and companies across the United States, UK, Japan, India, Singapore and South Korea.

North Korea hacking group plans to impersonate government officials

The internet security firm expects the group to launch the attack this weekend for two days, impacting small, medium, and large businesses as well as individuals. The plan is to lure these individuals by impersonating a government official or the governing body in the victim’s country.

According to Cyfirma, if the individuals fall for the trap, they may then disclose information that the North Korean hacking group can use to access vital accounts. The report reads:

“The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives. These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information.”

GLOBAL-COVID-19-RELATED-PHISHING-CAMPAIGN-BY-NORTH-KOREAN-OPERATIVES-LAZARUS-GROUP-EXPOSED-BY-CYFIRMA-RESEARCHERS 'https://t.co/6125Zwhdxa'

— CYFIRMA (@cyfirma) June 19, 2020

Massive phishing strategy

Every nation included in the report is undertaking some form of stimulus for businesses, citizens, or both. All the strategies outlined by Cyfirma in the report involve luring victims with extra payouts in order to extract more private information, possibly to sell on the dark web.

Furthermore, the internet security firm has highlighted some email addresses that are likely to be used in the phishing plan. Cyfirma has identified the following emails as impersonator accounts:

  • covid19notice@usda.gov
  • ccff-applications@bankofengland.co.uk
  • covid-support@mom.gov.sg
  • covid-support@mof.go.jp
  • ncov2019@gov.in
  • fppr@korea.kr
