Well-known cryptocurrency protocol deBridge Finance was recently the target of an email-based phishing attack. It has since come to light that the North Korea-run Lazarus Group may be responsible.
What is the Lazarus Group?
The Lazarus Group, sometimes referred to as the Guardians of Peace, is a team of state-sponsored hackers from North Korea that has been active since around 2010. A number of large-scale digital attacks have been attributed to the group, the most notable allegedly including the $600+ million Axie Infinity Ronin bridge hack and the Harmony Horizon Bridge hack.
What Happened to deBridge Finance?
deBridge Finance co-founder Alex Smirnov announced that his company had been the target of an attempted cyberattack, which he attributed to the North Korean Lazarus Group.
Smirnov took to Twitter to announce the attack.
The attack involved the Lazarus Group spoofing Smirnov’s email address and sending deBridge employees a document titled ‘New Salary Adjustments’, a lure clearly chosen to tempt staff into opening the infected attachment. The contrast with the 2017 WannaCry outbreak is instructive: WannaCry spread on its own through an SMB vulnerability and needed nobody to open anything, whereas this attack depended entirely on a person choosing to open the file.
Thankfully, only a single person downloaded the file. Even so, opening it was enough to trigger the payload on that machine and expose internal information. Smirnov stated that ‘Fast analysis showed that received code collects A LOT of information about the PC and exports it to [the attacker’s command center]: username, OS info, CPU info, network adapters, and running processes’.
Following the attack, Smirnov investigated its origin and its goal, then compared his findings with those of another Twitter user. This showed that files with the same names had previously been attributed to the Lazarus Group.
Smirnov went on to warn other Web3 projects, stating that the campaign was likely widespread and that teams should have internal protocols for sharing files, so that an unexpected attachment stands out even when it appears to come from a colleague.
This type of attack is becoming increasingly common, so it is ever more important to verify who an email actually came from before opening anything it carries. A From: address is only a claim: it can be spoofed outright when the sending domain does not publish and enforce SPF, DKIM and DMARC, and a display name can show one address while the message is really sent from another. Confirm unexpected requests through a separate channel, such as a call or the team’s chat. Almost anyone could be targeted, so keep your guard up.
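One way to make that verification concrete on the receiving side is to compare the visible From: address with the SPF/DKIM/DMARC results the receiving mail server records in the Authentication-Results header (RFC 8601). The script below is an added example, not code from deBridge or from the original article; the domains (corp.example, freemail.example, bulk-sender.example.net), the sample headers and the message content are all constructed, and it assumes the organisation's mail system stamps Authentication-Results before mail reaches a mailbox. It distinguishes three situations that a plain "check the sender" instruction blurs together: an outright spoof of the From: domain that fails DMARC, a legitimate message whose authentication is aligned with the From: domain, and a look-alike message that passes every check but carries a different address in its display name.

```python
"""Triage a received e-mail's From: claim against the receiving server's SPF/DKIM/DMARC
results (the RFC 8601 Authentication-Results header).

Constructed example for illustration, not code from deBridge or the article. All domains,
names and header values are made up; the script assumes the receiving mail system stamps
an Authentication-Results header before the message reaches the mailbox.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# One clause: method=result followed by its properties, up to the next ';'.
AUTHRES_RE = re.compile(r"\b(?P<method>spf|dkim|dmarc)=(?P<result>\w+)(?P<props>[^;]*)")
PROP_RE = re.compile(r"(?P<key>[\w.]+)=(?P<val>[^\s;()]+)")


def parse_auth_results(header):
    """Return {method: (result, {property: value})} for the spf/dkim/dmarc clauses."""
    results = {}
    # The first clause is the authserv-id (which host ran the checks); skip it.
    for clause in (header or "").split(";")[1:]:
        m = AUTHRES_RE.search(clause)
        if m:
            props = {k.lower(): v.lower() for k, v in PROP_RE.findall(m.group("props"))}
            results[m.group("method")] = (m.group("result").lower(), props)
    return results


def aligned(auth_identity, from_domain):
    """Relaxed DMARC-style alignment: same domain, or one a subdomain of the other.
    auth_identity may be a bare domain or a full address (smtp.mailfrom often is).
    Real DMARC uses Public Suffix List organizational domains; this is enough for triage."""
    a = auth_identity.lower().rstrip(".").rpartition("@")[2]
    f = from_domain.lower().rstrip(".")
    return bool(a) and bool(f) and (a == f or a.endswith("." + f) or f.endswith("." + a))


def check_sender(raw_message):
    """Decide whether the visible From: address is backed by authentication results."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    auth = parse_auth_results(msg.get("Authentication-Results"))
    findings = []

    # Display-name spoofing: the friendly name shows an address from another domain.
    # Every authentication check can pass and the mail still misleads the reader.
    embedded = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if embedded and embedded.group(1).lower() != from_domain:
        findings.append(f"display name shows {embedded.group(0)} but address is {address}")

    spf, dkim, dmarc = auth.get("spf"), auth.get("dkim"), auth.get("dmarc")
    spf_ok = spf is not None and spf[0] == "pass" and aligned(spf[1].get("smtp.mailfrom", ""), from_domain)
    dkim_ok = dkim is not None and dkim[0] == "pass" and aligned(dkim[1].get("header.d", ""), from_domain)

    if not auth:
        verdict = "unauthenticated"
        findings.append("no Authentication-Results header: the From: address is an unverified claim")
    elif dmarc is not None and dmarc[0] != "pass":
        verdict = "fail"
        findings.append(f"dmarc={dmarc[0]} for {from_domain}")
    elif dmarc is not None or spf_ok or dkim_ok:
        verdict = "pass"  # DMARC passed, or an aligned SPF/DKIM pass stands in for it
    else:
        verdict = "fail"
        findings.append(f"neither SPF nor DKIM passed for a domain aligned with {from_domain}")

    # The classic spoof signature: the envelope sender authenticates, the visible From: does not.
    if spf is not None and spf[0] == "pass" and not spf_ok:
        findings.append(f"spf=pass, but for {spf[1].get('smtp.mailfrom', '?')}, not {from_domain}")

    return {"from": address, "from_domain": from_domain, "verdict": verdict,
            "suspicious": verdict != "pass" or bool(findings), "findings": findings}


# Constructed samples (headers only), written as a receiving server would stamp them.
SPOOFED = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=bounce.bulk-sender.example.net; dkim=none; dmarc=fail header.from=corp.example
From: "Chief Executive" <ceo@corp.example>
Subject: New Salary Adjustments
"""
LEGIT = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=ceo@corp.example; dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: "Chief Executive" <ceo@corp.example>
Subject: Q3 planning
"""
LOOKALIKE = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=payroll-update@freemail.example; dkim=pass header.d=freemail.example; dmarc=pass header.from=freemail.example
From: "ceo@corp.example" <payroll-update@freemail.example>
Subject: New Salary Adjustments
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legit", LEGIT), ("lookalike", LOOKALIKE)):
        result = check_sender(sample)
        print(label, result["verdict"], "suspicious" if result["suspicious"] else "clean", result["findings"])
```

The point of the third sample is that "passes DMARC" is not the same as "is who it says it is": a free-mail account with the victim's address stuffed into the display name authenticates perfectly, so the display-name check has to run regardless of the verdict. A message with no Authentication-Results header at all (for example one lifted from an archive or forwarded internally) is reported as unauthenticated rather than passed, because at that point the From: line is nothing more than text the sender typed.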
The Lazarus Group appears to have ramped up its efforts to plunder cryptocurrency, but the same lure works just as well against the average person. Take care when opening emails and documents, and always verify the sender.