According to Alex Smirnov, co-founder of Debridge Finance, the notorious North Korean hacking group Lazarus Group carried out an attempted cyber attack on Debridge. Smirnov has warned Web3 teams that the campaign is likely to be widespread.
Lazarus Group allegedly used malicious emails to target Debridge Finance team members
Throughout 2022, decentralized finance (defi) protocols, and cross-chain bridges in particular, have been heavily attacked. While the identity of most of the hackers is unknown, the North Korean hacking group Lazarus Group is suspected of being behind many of the defi exploits.
In mid-April 2022, the Federal Bureau of Investigation (FBI), the U.S. Treasury Department and the Cybersecurity and Infrastructure Security Agency (CISA) said Lazarus Group is a threat to the crypto industry and its participants. A week after the FBI’s warning, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added three Ethereum-based addresses to the Specially Designated Nationals and Blocked Persons List (SDN).
OFAC claims that this set of Ethereum addresses is maintained by members of the cybercrime group Lazarus Group. In addition, OFAC connected the flagged Ethereum address used in the Ronin bridge exploit (the $620 million Axie Infinity hack) to the North Korean hacking group. On Friday, Alex Smirnov, co-founder of Debridge Finance, alerted the crypto and Web3 communities to Lazarus Group’s alleged attempt to attack the project.
“[Debridge Finance] has been the target of an attempted cyber attack, apparently by the Lazarus group. PSA for all teams in Web3, this event is likely to be common,” Smirnov emphasized in his tweet. “The attack vector was via email, and several of our team members received a PDF called ‘New Salary Adjustment’ from an email address that spoofed me. We have strict internal security policies and are constantly working to improve them, and educate the team about possible attack vectors,” Smirnov continued, adding:
Most team members immediately reported the suspicious email, but a colleague downloaded and opened the file. This led us to investigate the attack vector to understand how it works and what the consequences would be.
Smirnov insists that the attack won’t infect macOS users, but that Windows users will be asked for their system password when they open the password-protected PDF. “The attack vector is as follows: User opens [the] link from email -> downloads and opens archive -> tries to open PDF but PDF asks for password -> user opens password.txt.lnk and infects whole system,” Smirnov tweeted.
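The chain Smirnov describes relies on a Windows shell link (`.lnk`) named to look like a text file sitting next to a document that demands a password. The following Python script is an added example for defenders, not code from the article or from Debridge: it triages an email-delivered archive by flagging executable and double extensions and by checking each member for the fixed MS-SHLLINK header, which catches a link even when it has been renamed to a harmless-looking name. The archive it scans is constructed inline (a placeholder "PDF" and header-only stub links, not the real files from the incident); the file names echo the ones in the tweet.

```python
"""Triage an email-delivered archive for the lure pattern described above:
a document that prompts for a password next to a Windows shell link (.lnk)
disguised as a text file. Added defender-side example; the archive contents
are constructed here and are not the files from the Debridge incident."""
import io
import zipfile

# Fixed header of a Windows Shell Link (MS-SHLLINK): HeaderSize 0x4C followed
# by the LinkCLSID 00021401-0000-0000-C000-000000000046 in little-endian layout.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

# Extensions Windows runs on double-click; .lnk is the one in the reported
# chain, the others are common companions in the same style of lure.
EXECUTABLE_EXTS = {".lnk", ".exe", ".scr", ".js", ".vbs", ".hta", ".cmd", ".bat"}
DOCUMENT_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def classify_member(name: str, head: bytes) -> list[str]:
    """Return the reasons a single archive member looks like a disguised link."""
    reasons = []
    lower = name.lower().rsplit("/", 1)[-1]
    parts = lower.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
    # "password.txt.lnk": a document extension placed before the real one.
    if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
        reasons.append("double extension disguising a document name")
    # Content check catches links renamed to hide the extension, e.g. "readme.txt".
    if head.startswith(LNK_MAGIC):
        reasons.append("Windows shell link header (MS-SHLLINK)")
    return reasons


def triage_archive(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious member of a zip archive to its list of findings."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample mirroring the reported lure layout (not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Salary Adjustment.pdf", b"%PDF-1.7\n% placeholder, not a real document\n")
        # A shell link reduced to its header; a real one would carry a target path.
        zf.writestr("password.txt.lnk", LNK_MAGIC + bytes(60))
        # The same stub renamed so that no executable extension is visible at all.
        zf.writestr("readme.txt", LNK_MAGIC + bytes(60))
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in triage_archive(build_sample_archive()).items():
        print(f"{member}: {'; '.join(reasons)}")
```

Run against the constructed archive, the placeholder PDF is not flagged, `password.txt.lnk` is flagged on all three checks, and `readme.txt` is flagged only by the header check, which is the reason to inspect content rather than trusting names: Windows hides the `.lnk` extension by default, so the user in the tweet saw a file that looked like `password.txt`.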
According to Smirnov, and to this Twitter thread, the files used in the attack against the Debridge Finance team have the same names as files “attributed to the Lazarus Group.” The Debridge treasurer summarized:
Never open email attachments without verifying the sender’s full email address, and develop internal protocols for how your team will share attachments. Please stay SAFU and share this post to let everyone know about potential attacks.
Overall, Lazarus Group and other hackers have made a fortune by targeting defi projects and the cryptocurrency industry. Members of the crypto industry are considered targets because many companies deal with finances, various assets and investments.
What do you think of Alex Smirnov’s description of the alleged Lazarus Group email attack? Let us know your thoughts on this topic in the comments section below.
Image Source: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for reference only. It is not a direct offer or an invitation to buy or sell, nor is it a recommendation or endorsement of any product, service or company. Bitcoin Network Does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned herein.