North Korea’s Lazarus behind years of crypto hacks in Japan: Police

Published at: Oct. 17, 2022

Japan’s national police have pinned North Korean hacking group, Lazarus, as the organization behind several years of crypto-related cyber attacks. 

In the public advisory statement sent out on Oct. 14,  Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) sent a warning to the country's crypto-asset businesses, asking them to stay vigilant of “phishing” attacks by the hacking groupaimed at stealing crypto assets.

The advisory statement is known as “public attribution,” and according to local reports, is the fifth time in history that the government has issued such a warning.

The statement warns that the hacking group uses social engineering to orchestrate phishing attacks — impersonating executives of a target company to try and bait employees into clicking malicious links or attachments.

“This cyber attack group sends phishing emails to employees impersonating executives of the target company [...] through social networking sites with false accounts, pretending to conduct business transactions [...] The cyber-attack group [then] uses the malware as a foothold to gain access to the victim's network.”

According to the statement, phishing has been a common mode of attack used by North Korean hackers, with the NPA and FSA urging targeted companies to keep their “private keys in an offline environment” and to “not open email attachments or hyperlinks carelessly.”

The statement added that individuals and businesses should “not download files from sources other than those whose authenticity can be verified, especially for applications related to cryptographic assets.”

The NPA also suggested that digital asset holders “install security software,” strengthen identity authentication mechanisms by “implementing multi-factor authentication” and not use the same password for multiple devices or services.

The NPA confirmed that several of these attacks have been successfully carried out against Japanese-based digital asset firms, but didn’t disclose any specific details.

Related: ‘Nobody is holding them back’ — North Korean cyber-attack threat rises

Lazarus Group is allegedly affiliated with North Korea’s Reconnaissance General Bureau, a government-run foreign intelligence group.

Katsuyuki Okamoto of multinational IT firm Trend Micro told The Yomiuri Shimbun that “Lazarus initially targeted banks in various countries, but recently it has been aiming at crypto assets that are managed more loosely.”

They have been accused of being the hackers behind the $650 million Ronin Bridge exploit in March, and were identified as suspects in the $100 million attack from layer-1 blockchain Harmony.

Tags
Blockchain
Business
Defi
Japan
Cybercrime
Cybersecurity
North Korea
Related Posts
SEC doubles down on crypto regulation by expanding unit
The United States Securities and Exchange Commission (SEC) announced Tuesday that it would nearly double the number of personnel responsible for safeguarding investors in cryptocurrency markets. As per the announcement, the SEC’s Cyber Unit, which includes the Crypto Assets and Cyber team, will hire 20 new people for 50 dedicated positions. The SEC stated that the 20 hires would include investigative staff attorneys, trial lawyers and fraud analysts. Chair Gary Gensler praised the appointments as long overdue and essential to overseeing one of Wall Street’s newest and most popular sectors. This is welcome news to many who have been concerned …
Adoption / May 3, 2022
Harmony hacker sends stolen funds to Tornado Cash mixer
The funds from Harmony’s Horizon Bridge have begun to move into the Tornado Cash Ethererum mixer, signaling that the attacker has no intention of accepting the $1 million bounty offered. The decision to obfuscate the ill-gotten gains answers questions about whether the Harmony team’s offer of just 1% of the $100 million in crypto funds stolen on Friday would be enough to convince the exploiter to return them. #PeckShieldAlert ~6k $ETH (~$7.1m) into @TornadoCash from @harmonyprotocol exploiters Intermediary address: 0x432...47ae pic.twitter.com/AR9dmJRQet — PeckShieldAlert (@PeckShieldAlert) June 27, 2022 A total of 18,036.3 Ether (ETH), worth about $21 million, was moved out …
Blockchain / June 28, 2022
Dingo crypto token flagged as scam over 99% transaction fee backdoor
The research arm of cybersecurity software firm Check Point has flagged the Dingo Token (DINGO) as a “potential scam” after reportedly discovering a smart contract function that has been used to manipulate transaction fees. In a Feb. 3 blog post, Check Point Research (CPR) said it looked into the code behind the Dingo Smart Contract, discovering a backdoor function "setTaxFeePercent," which can change the contract's buy and sell fee up to 99%. This is despite the project’s whitepaper stating that there is only a 10% fee per transaction. According to CPR, this essentially allows the project’s owner to withdraw up …
Blockchain / Feb. 6, 2023
Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers
Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea. The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen. Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks …
Blockchain / Feb. 15, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023