Debridge Finance suspects North Korean hacking syndicate Lazarus Group attacked protocol team – Bitcoin News

According to Alex Smirnov, co-founder of Debridge Finance, Debridge was the target of an attempted cyberattack by the notorious North Korean hacking syndicate Lazarus Group. Smirnov warned Web3 teams that the campaign is likely widespread.

Lazarus Group allegedly attacked Debridge Finance team members with malicious group emails

In 2022, there have been a number of attacks against decentralized finance (defi) protocols such as cross-chain bridges. Most of the hackers are unknown, but the North Korean hacking group Lazarus Group is suspected to be behind a number of defi exploits.

In mid-April 2022, the Federal Bureau of Investigation (FBI), the U.S. Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA) said Lazarus Group was a threat to the cryptocurrency industry and participants. A week after the FBI’s warning, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) added three Ethereum-based addresses to its Specially Designated Nationals and Blocked Persons List (SDN).

OFAC claimed that the group of Ethereum addresses is maintained by members of the cybercrime syndicate Lazarus Group. Additionally, OFAC has linked the flagged Ethereum addresses and the North Korean hacker group to the Ronin bridge exploit (the $620 million Axie Infinity hack). On Friday, Alex Smirnov, co-founder of Debridge Finance.

“[Debridge Finance] has apparently been the target of a cyberattack attempt by the Lazarus group. PSA for all Web3 teams, this campaign is probably widespread,” Smirnov emphasized in his tweet. “The attack vector was via email, and some of our team received a PDF file named ‘New Salary Adjustment’ from my spoofed email address. We have a strict internal security policy that we are continuously improving and educating our team on possible attack vectors.” Smirnov continued, adding:

Most team members immediately reported the suspicious email, but one colleague downloaded and opened the file. This forced us to investigate attack vectors to understand how it works and what the consequences are.

Smirnov claimed that the attack did not affect macOS users, but when Windows users opened password-protected PDFs, they were prompted to use the system password. “The attack vector is: User opens [the] link from email -> Download and open archive -> Tries to open PDF but PDF asks for password -> User opens password.txt.lnk and infects entire system,” Smirnov said.
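A defensive triage check for the delivery chain Smirnov describes (an archive holding a password-prompting PDF next to a shortcut disguised as a text file). This is an added example, not code from Debridge or the original article; the function names, extension lists and size cap are assumptions, and the sample archive is constructed with inert contents.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Final extensions that launch something on double-click (assumed list).
LAUNCHABLE = {".lnk", ".scr", ".exe", ".js", ".vbs", ".hta", ".bat", ".cmd"}
# Inner extensions a user reads as a harmless document (assumed list).
DECOY = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".png", ".jpg"}
MAX_PDF_BYTES = 20 * 1024 * 1024  # assumed cap: do not inflate oversized members


def triage_archive(data: bytes) -> dict:
    """Inspect a ZIP attachment in memory; nothing is extracted to disk."""
    findings = {"disguised_launchers": [], "locked_pdfs": [], "matches_lure": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            # "password.txt.lnk": Explorer never shows ".lnk", so it reads as "password.txt".
            if len(suffixes) >= 2 and suffixes[-1] in LAUNCHABLE and suffixes[-2] in DECOY:
                findings["disguised_launchers"].append(info.filename)
            # A PDF that declares an /Encrypt dictionary will prompt for a password.
            readable = not (info.flag_bits & 0x1) and info.file_size <= MAX_PDF_BYTES
            if suffixes[-1:] == [".pdf"] and readable:
                if b"/Encrypt" in zf.read(info):
                    findings["locked_pdfs"].append(info.filename)
    findings["matches_lure"] = bool(findings["disguised_launchers"] and findings["locked_pdfs"])
    return findings


def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample using the file names from Smirnov's description; contents are inert.
SAMPLE = make_zip({
    "New Salary Adjustment.pdf": b"%PDF-1.7\ntrailer\n<< /Encrypt 5 0 R /Root 1 0 R >>\n%%EOF\n",
    "password.txt.lnk": b"placeholder bytes, not a real shortcut",
})

if __name__ == "__main__":
    print(triage_archive(SAMPLE))
```

A disguised launcher on its own is already worth quarantining; `matches_lure` only marks the specific pairing described in the thread.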

Smirnov said that, according to this Twitter thread, the file included in the attack against the Debridge Finance team had the same name and was “attributed to the Lazarus Group.” The Debridge Finance executive concluded:

Do not open email attachments without verifying the sender’s full email address. Also, have an internal protocol on how your team will share attachments. Stay SAFU and share this thread to let everyone know about potential attacks.

In general, Lazarus Group and other hackers have been very successful in targeting defi projects and the cryptocurrency industry. Members of the cryptocurrency industry are considered targets because many companies deal with finances, various assets and investments.


Jamie Redman

Jamie Redman is a news lead for News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He is passionate about Bitcoin, open source code and decentralized applications. Since September 2015, Redman has written over 5,700 articles for News about disruptive protocols currently emerging.
