The Reconnaissance General Bureau of North Korea targets crypto assets with poorly enforced management

North Korean hackers responsible for several years of cyberattacks relating to crypto frequently use phishing as a method of attack

Shashank Bhardwaj
Published: Oct 18, 2022 02:43:06 PM IST
Updated: Oct 18, 2022 02:54:12 PM IST

Japanese crypto companies have been targeted by the state-sponsored cyber terrorist organisation Lazarus from North Korea, according to a joint statement from Japan's National Police and Financial Services Agencies.

Japan News reported that phishing and social engineering techniques were used in the attacks.

In emails and on social media, Lazarus hackers allegedly contacted their targets while pretending to be CEOs of bitcoin firms. Following the first contact, the attackers used malware to enter the target companies' internal systems before escaping with crypto assets.

Authorities utilised a procedure that has only been applied five times in Japan's history: they released an advisory statement naming the suspect group before making any arrests.

The joint statement also contained some basic security guidance, advising potential targets to keep their private keys offline and to exercise caution when opening emails or clicking on links. While admitting that some of the attacks were successful, the NPA withheld other details and the value of the stolen assets.

A handful of the notable incidents outside the blockchain industry for which Lazarus is responsible include the 2017 WannaCry ransomware attack, the 2014 Sony Pictures hack, and a series of cyber raids on pharmaceutical companies in 2020, including COVID-19 vaccine maker AstraZeneca.

Lazarus began stealing nine-figure sums of crypto this year as well. The organisation was linked to the attack on Sky Mavis' Ethereum sidechain Ronin this month, which cost $622 million.

Then, in June, Lazarus was the primary suspect in a $100 million raid on Harmony Protocol.

The hack in June targeted the Harmony Horizon bridge, a cross-chain link connecting Harmony to Ethereum, Binance Chain, and Bitcoin. According to Elliptic's analysis, the similarities between the two cross-chain bridge attacks provide strong support for Lazarus' involvement.

Lazarus has also targeted crypto exchanges this year with phoney job advertisements that included malware-laden PDFs and links.

In August, internet security specialists from ESET Labs found a Trojan horse-infected bogus Coinbase job posting. Using phoney job listings from Crypto.com, Lazarus carried out the attack once more last month.

The Reconnaissance General Bureau, a foreign intelligence agency run by the North Korean government, is rumoured to have ties to Lazarus Group.

Shashank is founder at yMedia. He ventured into crypto in 2013 and is an ETH maximalist.