Debridge Finance Suspects North Korean Hacking Syndicate Lazarus Group Attacked the Protocol’s Team


According to Debridge Finance co-founder Alex Smirnov, the notorious North Korean hacker syndicate Lazarus Group subjected Debridge to an attempted cyberattack. Smirnov warned Web3 teams that the campaign was likely widespread.

Lazarus Group Suspected of Attacking Debridge Finance Team Members with Malicious Group Email

In 2022, there have been a large number of attacks on decentralized finance (defi) protocols such as bridges. Although most of the hackers are unknown, there are suspicions that the North Korean hacking collective Lazarus Group is behind a number of defi exploits.

In mid-April 2022, the Federal Bureau of Investigation (FBI), the US Department of the Treasury, and the Cybersecurity and Infrastructure Security Agency (CISA) stated that the Lazarus Group poses a threat to the crypto industry and its participants. A week after the FBI warning, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added three Ethereum-based addresses to the Specially Designated Nationals and Blocked Persons (SDN) list.

OFAC claims that the group of Ethereum addresses is backed by members of the cybercrime syndicate Lazarus Group. In addition, OFAC linked the flagged Ethereum addresses to the Ronin bridge exploit (a $620 million Axie Infinity hack) and to a group of North Korean hackers. On Friday, Alexey Smirnov, co-founder of Debridge Finance, warned the crypto community and the Web3 community that the Lazarus Group was allegedly trying to attack the project.

“[Debridge Finance] was subjected to an attempted cyberattack, apparently by the Lazarus group. PSA for all teams in Web3, this campaign is likely to be widespread,” Smirnov emphasized in his tweet. “The vector of attack was via email, and several of our team members received a PDF called ‘New Salary Adjustments’ from an email address spoofing mine. We have strict internal security policies in place and are constantly working to improve them, as well as informing the team about possible attack vectors.” Smirnov continued by adding:

Most of the team members immediately reported the suspicious email, but one colleague downloaded and opened the file. This forced us to explore the attack vector in order to understand exactly how it should work and what the consequences will be.

Smirnov insisted that the attack would not infect macOS users, but when Windows users open a password-protected PDF file, they are asked to enter the system password. “The attack vector is as follows: the user opens [the] link from mail -> downloads and opens archive -> tries to open PDF, but PDF asks for password -> user opens password.txt.lnk and infects the whole system,” Smirnov tweeted.
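The chain described above depends on a shortcut file disguised with a document-style name (password.txt.lnk) inside the downloaded archive. The following is an added example, not code from Debridge or from the original article, showing how a mail gateway or analyst script could flag such entries in a ZIP before a user opens it; the extension lists and the sample archive contents are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that run a command or code on double-click (assumed, non-exhaustive).
# Explorer never displays ".lnk", so "password.txt.lnk" is shown as "password.txt".
LAUNCHER_EXTS = {".lnk", ".url", ".scr", ".pif", ".hta", ".js", ".vbs"}
# Extensions a user reads as "just a document" (assumed, non-exhaustive).
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def audit_archive(data: bytes) -> list:
    """Return one finding per archive entry that is a launcher file type."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in LAUNCHER_EXTS:
                continue
            # A document extension directly before the real one is the disguise.
            disguised = len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS
            findings.append({
                "entry": info.filename,
                "shown_as": name[: -len(suffixes[-1])],
                "real_type": suffixes[-1],
                "severity": "high" if disguised else "medium",
            })
    return findings


def build_sample() -> bytes:
    """Constructed archive using the file names reported in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Salary Adjustments.pdf", b"%PDF-1.7 placeholder")
        zf.writestr("password.txt.lnk", b"placeholder, not a real shortcut")
        zf.writestr("notes/readme.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_archive(build_sample()):
        print(finding)
```

A "high" finding is a reasonable trigger for quarantining the attachment or download, since a legitimate password note has no reason to be a shortcut.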

Smirnov said that, according to this thread on Twitter, the files used in the attack on the Debridge Finance team had the same names and were “attributed to the Lazarus Group.” The Debridge Finance Executive Director concluded:

Never open email attachments without verifying the sender’s full email address, and have an internal protocol for sharing attachments within your team. Please stay on SAFU and share this thread so everyone is aware of potential attacks.

The Lazarus Group and hackers in general have been successful in targeting defi projects and the cryptocurrency industry. Members of the crypto industry are considered targets because a number of firms are involved in finance, various assets and investments.

What do you think of Alex Smirnov’s report on the alleged Lazarus email attack? Let us know your thoughts on this in the comments section below.

Disclaimer: This article is for informational purposes only. This is not a direct offer or solicitation to buy or sell, or a recommendation or endorsement of any products, services or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is directly or indirectly liable for any damage or loss caused or alleged to be caused by the use of or reliance on any content, goods or services mentioned in this article.





Credit : news.bitcoin.com
