Well-known cryptocurrency protocol deBridge Finance was recently the victim of an email-based cyber attack. However, it’s now come to light that the North Korea-run Lazarus group could be responsible for the deBridge attack.

What is the Lazarus Group?

The Lazarus Group sometimes referred to as the Guardians of Peace, is a team of state-sponsored hackers from North Korea. They have been active since around 2010. A number of large-scale digital attacks have been attributed to the group. A few of the most notable allegedly include the $600+ million Axie Infinity Ronin hack as well as the Harmon Horizon Bridge hack.

Lazarus Group PC

What Happened to deBridge Finance?

It was announced by the co-founder of deBridge Finance, Alex Smirnov, that his company was a target of an attempted cyberattack perpetrated by the North Korean Lazarus Group.

Smirnov took to Twitter to announce the attack

The attack involved Lazarus Group spoofing Smirnov’s email and sending a document to deBridge employees. The document was titled ‘New Salary Adjustments’ clearly named with the purpose of attempting to trick employees into opening the infected attachment. This is reminiscent of the WannaCry attack where an NHS employee mistakenly opened a malicious document, accidentally infecting almost every device connected to the network.

Thankfully, only a single person downloaded the file. Even still, an attack was triggered compromising the firms internal files. Smirnov stated that ‘Fast analysis showed that received code collects A LOT of information about the PC and exports it to [the attacker’s command center]: username, OS info, CPU info, network adapters, and running processes’.

Following the attack, Smirnov launched an investigation into the origin of the attack as well as its goal. The deBridge co-founder then compared his findings with another Twitter user. This showed that files with the same names had been attributed to the Lazarus Group.

Who’s Next?

Smirnov went on to warn other Web3 projects of the attack. He stated that the attack was likely widespread and teams should have internal protocols set up for file sharing.

North Korea hack

This type of attack is becoming increasingly common. Therefore it’s ever-more important to verify who emails have come from prior to opening. Almost anyone could be targeted so it’s crucial to keep your guard up and stay safe.

It seems that the Lazarus Group has ramped up its efforts to plunder cryptocurrency. However, the average person is equally as vulnerable to cyberattacks. Always take care when opening emails/documents and always verify the sender.

Related Posts

By Jay

Jay is a cryptocurrency expert based in the UK. He's invested in a wide range of projects, ranging from small-cap tokens to large-cap tokens like BTC and ETH. Outside of cryptocurrency he has an unyielding interest in everything related to the stock market. Currently, Jay has been focusing on the macroscale and institutional adoption.

Leave a Reply

Your email address will not be published.