Some of the most expensive and high-profile crypto cyberattacks have been perpetrated by the Lazarus Group. Alex Smirnov, co-founder and project leader at deBridge Finance, reported on Twitter that his company had been the victim of a cyberattack by the notorious North Korean Lazarus Group.
DeBridge is a cross-chain interoperability and liquidity protocol that allows data and assets to be transferred between blockchains.
A phishing email sent to deBridge team members contained a PDF file titled “New Salary Adjustments” and appeared to have come from Smirnov.
Email spoofing is a type of attack in which malicious emails are made to appear as though they were sent from a trusted source, in this case the co-founder of the company.
Smirnov wrote, “We have strict internal security policies and continue to work on improving them as we educate the team about potential attack vectors.”
Smirnov said that one employee downloaded the file and opened it. This prompted an investigation into the origin of the file and the intent of the hackers.
“We checked that the file was not harmful to our colleague’s computer, then we warned the Web3 community so everyone can be prepared for similar situations,” Smirnov explained to Decrypt.
He compared deBridge’s observations with a tweet from another user that described similar characteristics and pointed to the North Korean hacker group.
Smirnov stated that “Fast analysis showed that received code collects A LOT OF information about the computer and exports it [to the attacker’s command center]: usernames, OS infos, CPU infos, network adapters and running processes.”
Smirnov advised his followers not to open email attachments without verifying the sender’s email address. He also suggested that they have an internal protocol to share attachments within their teams.
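The sender check described above can be automated at the mail gateway. The following is an added example, not code from deBridge or from the article; the domains, the protected display name, and the constants are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for this sketch; replace with your own.
ORG_DOMAIN = "corp.example"          # organisation's own mail domain
AUTHSERV_ID = "mx.corp.example"      # id our gateway stamps in Authentication-Results
PROTECTED_NAMES = {"jane founder"}   # display names likely to be impersonated

def sender_findings(raw):
    """Return reasons to distrust the claimed sender of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # Display-name impersonation: a colleague's name on an outside address.
    if name.strip().lower() in PROTECTED_NAMES and domain != ORG_DOMAIN:
        findings.append("protected-name-external-address")
    # Trust only results stamped by our own gateway; a sender can forge the rest.
    results = [str(h).lower() for h in msg.get_all("Authentication-Results", [])]
    ours = [r for r in results if r.split(";")[0].strip() == AUTHSERV_ID]
    if not any("dmarc=pass" in r for r in ours):
        findings.append("no-dmarc-pass")
    # An attachment raises the stakes once the sender already looks wrong.
    names = [p.get_filename() for p in msg.iter_attachments()]
    if findings and names:
        findings.append("attachment:" + str(names[0]))
    return findings

def build_sample(from_hdr, auth):
    """Constructed test message with a placeholder PDF attachment."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "staff@corp.example"
    m["Subject"] = "New Salary Adjustments"
    m["Authentication-Results"] = auth
    m.set_content("Please review the attached document.")
    m.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                     subtype="pdf", filename="New Salary Adjustments.pdf")
    return m.as_bytes()

SPOOFED = build_sample("Jane Founder <jane.founder@mail.example.net>",
                       "mx.corp.example; dmarc=fail header.from=mail.example.net")
LEGIT = build_sample("Jane Founder <jane.founder@corp.example>",
                     "mx.corp.example; dmarc=pass header.from=corp.example")

if __name__ == "__main__":
    print(sender_findings(SPOOFED))
    print(sender_findings(LEGIT))
```

A look-alike domain that publishes its own DMARC record still trips the display-name rule, which is why the two checks are kept separate.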
Lazarus Group is alleged to have been behind many high-profile crypto hacks, including the $622 million Axie Infinity Ronin Ethereum sidechain hack and the Harmony Horizon Bridge hack.
“These types of attacks are quite common,” says David Schwed, chief operating officer at blockchain security firm Halborn. They rely on people’s curiosity by giving files names that suggest information likely to pique it, such as salary information.
Schwed said that we are witnessing more attacks targeting blockchain companies due to the high stakes associated with the immutability and integrity of the transactions.