Japanese crypto companies have been targeted by the state-sponsored cyberterrorist organization Lazarus from North Korea, according to a joint statement from Japan’s National Police and Financial Services Agencies.
According to a report by Japan News, the attacks were conducted using phishing and social engineering techniques.
According to reports, Lazarus hackers contacted their targets by posing as executives of cryptocurrency startups in emails and on social media. After making contact, the attackers infiltrated internal systems of the target companies with malware before fleeing with cryptocurrency.
Before making any arrests, authorities issued an advisory statement naming the suspect group, a step that has only been used five times in Japan’s history.
Additionally, basic security advice was included in the joint statement, warning potential targets to keep their private keys offline and to be cautious when clicking on links or emails. The NPA acknowledged that a few of the attacks were successful but withheld further information or the value of the looted goods.
Lazarus enters the cryptosphere
The 2017 WannaCry ransomware assault, the 2014 Sony Pictures attack, and a series of cyber raids on pharmaceutical firms in 2020, notably COVID-19 vaccine producers AstraZeneca, are just a few of the significant attacks outside the blockchain sector that Lazarus is accountable for.
Lazarus also began stealing nine-digit cryptographic values this year.
North Korean hackers linked to $622 million Axie Infinity exploit by US Treasury
The massive $622 million attack on Sky Mavis’ Ethereum sidechain Ronin this month was linked to the organisation in April.
Then, in June, a $100 million raid on Harmony Protocol involved Lazarus as the main suspect.
The Harmony Horizon bridge, a cross-chain bridge linking Harmony to Ethereum, Binance Chain, and Bitcoin, was the target of the breach in June. Elliptic’s analysis at the time found that the parallels between the two cross-chain bridge attacks are a convincing argument for Lazarus’ involvement.
This year, Lazarus has also targeted cryptocurrency exchanges with phoney job postings that contained malicious links and PDFs.
Internet security experts at ESET Labs discovered a fake Coinbase job posting that was actually a Trojan horse in August. Lazarus reprised the attack last month using phoney Crypto.com job postings.
One of the justifications offered by the U.S. Treasury for outlawing Tornado Cash was its known use by Lazarus Group.
