At the end of last week, the Japanese government issued a warning to domestic companies specializing in digital assets, asking them in particular to remain vigilant against phishing attempts, a method frequently used by the North Korean hacker group Lazarus.
Lazarus: An essential organization for Pyongyang!
For several years now, the group has been carrying out large-scale cyber espionage operations. The cybercriminals target particularly sensitive sectors such as aerospace and defence.
To reach their targets, the spies almost always use the same technique: phishing through professional social networks like LinkedIn. Passing themselves off as recruiters for large companies, these fake headhunters are really after only one thing: the industrial secrets of the companies where the people they approach have worked or still work.
And the trap is well rehearsed. The interview often continues via other networks like Slack or WhatsApp. The fake recruiters then try to get their victims to download documents presented as forms, which are actually malware. Although the group has often focused on South Korean targets, Lazarus also drew wide attention with the hacking of Sony Pictures’ servers. Accusing the firm of ridiculing the regime of Kim Jong Un, the group of hackers retaliated with a cyberattack.
Good to know: According to British intelligence data, the group was estimated in 2021 to consist of more than 6,000 different hackers.
The group of hackers “specializes” in digital assets!
While Lazarus is now known worldwide for repeated data theft attempts, it is also known for other misdeeds, in particular the theft of funds from banks. Its “subsidiary” BlueNoroff specializes in this type of task. In 2016, for example, this Lazarus division was able to exploit a flaw in the Swift messaging system. Through this loophole, it managed to steal more than 80 million euros from the central bank of Bangladesh. On several occasions, BlueNoroff has also succeeded in compromising the security of ATMs to steal tens of millions of dollars. These repeated attacks earned Lazarus its nickname as the world’s greatest bank robber.
Moving with the times, Lazarus has also taken a close interest in digital assets. As early as 2018, the Coincheck platform paid the price. The amount stolen: over $500 million. In recent years, the group’s actions in the digital asset sector have intensified. Lazarus is also among the main suspects in the attack on the Ronin blockchain, an attack worth more than 650 million dollars. The attack on the Harmony blockchain, in which 100 million dollars were stolen, could also be the work of the group of North Korean hackers.
It is for this reason that the Japanese government is sounding the alarm, arguing that attacks on crypto funds are more common today because these are “managed more flexibly”.
The recommendations of the Japanese government!
A warning of this kind from the authorities is quite rare. According to local reports, this is only the fifth time authorities have issued such a warning. In detail, however, the recommendations remain quite basic.
While the government authorities recall the methodology used by Lazarus, they mainly set out a few security measures to follow in order to limit the risks. These are aimed mainly at individuals:
- Do not download files from sources whose authenticity cannot be verified
- Holders of digital assets should install security software
- Reinforce authentication mechanisms and favor two-factor authentication as much as possible
The NPA report also indicates that some such attacks have already been carried out against local crypto businesses, without providing more information.