- Lazarus has been aggressively targeting Japanese crypto businesses through phishing
- Lazarus is responsible for several major hacks outside of the blockchain industry
- RIPPED price at time of writing – $5.88
According to a joint statement issued by Japan's National Police Agency and Financial Services Agency, the North Korean state-sponsored cybercriminal organization Lazarus has targeted Japanese cryptocurrency companies.
According to a Japan News report, the attacks relied on phishing and social engineering. The suspected Lazarus hackers posed as executives of cryptocurrency companies in emails and social media posts to make contact with the companies they wanted to target.
After making contact, the attackers infected the internal systems of the target companies with malware and then seized the cryptocurrency.
Before making any arrests, authorities issued a warning statement naming the group a suspect, a move that has only been taken five times in Japan’s history.
The joint statement also gave some general security advice, urging potential targets to be cautious when opening emails or hyperlinks and to store their private keys offline.
The NPA said some of the attacks were successful, but did not say how much was stolen or what happened. Lazarus, which is now moving into cryptocurrencies, has been blamed for the 2017 WannaCry ransomware attack, the 2014 Sony Pictures attack, and a series of cyber raids on pharmaceutical companies in 2020, including COVID-19 vaccine developer AstraZeneca.
Lazarus also began stealing nine-figure sums of cryptocurrency this year. In April, the group was linked to the landmark attack on Sky Mavis's Ethereum Ronin sidechain, which cost $622 million.
Then in June, Lazarus was the prime suspect in a $100 million raid on Harmony Protocol.
Lazarus moves into crypto
Harmony’s Horizon Bridge, a cross-chain link between Harmony and Ethereum, Binance Chain, and Bitcoin, was the target of the June breach. At the time, Elliptic’s analysis revealed that the similarities between the two cross-chain bridge attacks strongly suggested Lazarus’s involvement.
This year, Lazarus also targeted cryptocurrency exchanges with malware-laden PDFs and fake job listings with links. Security researchers at ESET Labs discovered in August that a fake Coinbase job listing was actually a Trojan horse used by the group.
Lazarus repeated the tactic last month with fake job advertisements on Crypto.com. One of the reasons the US Treasury cited for banning the Tornado Cash crypto transaction privacy tool was the Lazarus Group's documented use of it.