According to Debridge Finance co-founder Alex Smirnov, Lazarus Group, the notorious North Korean hacking syndicate, has targeted Debridge in an attempted cyber attack. Smirnov warned Web3 teams that the campaign is likely to be widespread.
Lazarus Group is suspected of attacking Debridge Finance team members with malicious email
There were a large number of attacks against decentralized finance (defi) protocols and cross-chain bridges in 2022. While most of the attackers remain unidentified, the North Korean hacking group Lazarus Group is suspected of being behind a number of defi exploits.
In mid-April 2022, the FBI, the US Treasury, and the Cybersecurity and Infrastructure Security Agency (CISA) said the Lazarus Group poses a threat to the crypto industry and its participants. A week after the FBI’s warning, the US Treasury’s Office of Foreign Assets Control (OFAC) added three Ethereum-based addresses to its Specially Designated Nationals and Blocked Persons (SDN) list.
OFAC alleged that the pool of Ethereum addresses is held by members of the cybercrime syndicate Lazarus Group. In addition, OFAC linked Ethereum addresses tagged with the Ronin Bridge exploit (the Axie Infinity hack worth $620 million) to the North Korean hacker group. On Friday, Alex Smirnov, co-founder of Debridge Finance, alerted the crypto and Web3 community that the Lazarus Group had allegedly attempted to attack the project.
“[Debridge Finance] was the subject of an attempted cyber attack, apparently by the Lazarus Group. PSA for all teams in Web3, this campaign is probably widespread,” Smirnov wrote in his tweet. “The attack was directed via email, with several members of our team receiving a PDF file called ‘New Salary Adjustments’ from an email address impersonating me. We have strict internal security policies in place and are constantly working to improve them as well as educating the team about potential attack vectors.” Smirnov continued:
Most of the team members immediately reported the suspicious email, but a colleague downloaded and opened the file. This made us investigate the attack vector to understand exactly how it was supposed to work and what the consequences would be.
Smirnov said the attack would not infect macOS users, but when Windows users open the password-protected PDF file they are asked for a password. The attack flow is as follows: “User opens [the] link from email -> downloads and opens archive -> tries to open the PDF, but the PDF asks for a password -> user opens password.txt.lnk and infects the whole system,” Smirnov tweeted.
Smirnov said that, according to this Twitter thread, the files used in the attack on the Debridge Finance team have the same names as ones “attributed to the Lazarus Group.” The Debridge Finance CEO concluded:
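The chain Smirnov describes hinges on one detail a mail gateway or endpoint scanner can check before a user ever reaches the "password" step: the archive bundles a document with a Windows shortcut (`.lnk`) whose name carries a document-style double extension (`password.txt.lnk`). The following Python script is an added example, not code from the article or from Debridge; it builds a constructed sample archive with placeholder bytes that mirrors the described file names, inspects the archive listing, and reports why it is suspicious. The extension lists and the `<archive>` pseudo-member name are assumptions chosen for the example.

```python
from __future__ import annotations

import io
import zipfile
from dataclasses import dataclass

# Assumed for this example: extensions that mark a Windows shortcut, and the
# document-style extensions a shortcut is likely to hide behind in a lure.
SHORTCUT_EXTS = (".lnk",)
DOCUMENT_EXTS = (".pdf", ".doc", ".docx", ".txt")


@dataclass
class Finding:
    member: str   # archive member the finding refers to ("<archive>" for whole-archive findings)
    reason: str


def _double_extension(name: str) -> bool:
    """True for names like 'password.txt.lnk' that masquerade as a document."""
    base = name.lower().rsplit("/", 1)[-1]          # ignore any folder prefix
    parts = base.split(".")
    return (len(parts) >= 3
            and f".{parts[-2]}" in DOCUMENT_EXTS
            and f".{parts[-1]}" in SHORTCUT_EXTS)


def inspect_archive(zip_bytes: bytes) -> list[Finding]:
    """Inspect only the member listing; nothing is extracted or executed."""
    findings: list[Finding] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()

    for name in names:
        if name.lower().endswith(SHORTCUT_EXTS):
            if _double_extension(name):
                findings.append(Finding(name, "Windows shortcut disguised as a document (double extension)"))
            else:
                findings.append(Finding(name, "Windows shortcut inside an emailed archive"))

    # The lure pattern from the article: a document that "needs a password" shipped
    # next to a shortcut the user is nudged into opening.
    has_doc = any(n.lower().endswith(DOCUMENT_EXTS) and not n.lower().endswith(SHORTCUT_EXTS) for n in names)
    has_lnk = any(n.lower().endswith(SHORTCUT_EXTS) for n in names)
    if has_doc and has_lnk:
        findings.append(Finding("<archive>", "document bundled with a shortcut: matches the password-lure pattern"))
    return findings


def is_suspicious(zip_bytes: bytes) -> bool:
    return bool(inspect_archive(zip_bytes))


def build_sample_archive() -> bytes:
    """Constructed sample mirroring the described lure. Contents are placeholder
    bytes, not real files; only the names matter for the listing check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Salary Adjustments.pdf", b"%PDF-1.4 placeholder")
        zf.writestr("password.txt.lnk", b"placeholder shortcut bytes")
    return buf.getvalue()


def build_clean_archive() -> bytes:
    """Constructed benign archive: a single document, no shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Q3 report.pdf", b"%PDF-1.4 placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_archive(build_sample_archive()):
        print(f"{finding.member}: {finding.reason}")
```

The check deliberately never extracts or opens members, so it is safe to run on an untrusted attachment at the gateway; pairing it with a policy that quarantines any emailed archive containing a `.lnk` covers the described flow regardless of the PDF's contents.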
Never open email attachments without verifying the sender’s full email address, and have an internal protocol for how your team shares attachments. Please stay SAFU and share this thread to let everyone know about possible attacks.
The Lazarus Group and hackers in general have made a killing by targeting defi projects and the cryptocurrency industry. Members of the cryptocurrency industry are considered targets because a number of companies handle finances and a variety of assets and investments.
What do you think of Alex Smirnov’s account of the alleged Lazarus group email attack? Tell us your thoughts on this topic in the comments section below.
photo credits: Shutterstock, Pixabay, Wikicommons
disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the Company nor the author shall be liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.