- Lazarus Aggressively Targets Japanese Crypto Companies Through Phishing
- Lazarus is responsible for several major hacks outside of the blockchain industry
- TORN price at time of writing – $5.88
According to a joint statement released by Japan’s national police and financial services agencies, North Korea’s state-sponsored cybercriminal organization Lazarus has targeted Japanese cryptocurrency firms.
According to a report by Japan News, phishing and social engineering were used in the attacks. The alleged Lazarus hackers impersonated crypto company executives in emails and social media posts to communicate with companies they wanted to target.
After making contact, the attackers infected the target companies’ internal systems with malware and then got away with the cryptocurrency.
Lazarus was the prime suspect in a $100 million raid on Harmony Protocol.
Before making any arrests, authorities released a statement naming the suspect group, a move that has only been taken five times in Japanese history.
Additionally, the joint statement provided some general security advice, advising potential targets to be careful when opening emails or hyperlinks and to store their private keys offline.
The NPA said some of the attacks were successful, but it did not say how much was stolen or what happened. The WannaCry ransomware attack in 2017, the Sony Pictures attack in 2014, and a series of cyber-raids against pharmaceutical companies in 2020, including COVID-19 vaccine developer AstraZeneca, are all attributed to Lazarus, which has since moved on to crypto.
Lazarus also started stealing nine-figure sums of crypto this year. The group was linked in April to the historic attack on Ronin, the Ethereum sidechain of Sky Mavis, which cost $622 million.
Then, in June, Lazarus was the prime suspect in a Harmony Protocol raid that cost $100 million.
Lazarus goes crypto
Harmony’s Horizon Bridge, a cross-chain bridge linking Harmony with Ethereum, Binance Chain and Bitcoin, was the target of the June breach. At the time, Elliptic’s analysis found that the similarities between the two bridge attacks strongly suggested Lazarus’ involvement.
This year, Lazarus also targeted crypto exchanges with malware-laden PDFs and fake job postings with links. ESET Labs researchers who study internet security discovered in August that a fictitious Coinbase job listing was actually a Trojan used by the group.
Lazarus attacked again last month by placing fake job postings on Crypto.com. One of the reasons cited by the US Treasury for banning the Tornado Cash crypto transaction privacy tool was its documented use by the Lazarus Group.