- Lazarus has been aggressively targeting Japanese crypto companies through phishing
- Lazarus is responsible for several major hacks outside the blockchain industry
- TORN Price at the time of writing – $5.88
According to a joint statement issued by Japan’s National Police and Financial Services Agencies, North Korea’s state-sponsored cybercriminal organization Lazarus has targeted Japanese cryptocurrency businesses.
According to a report from Japan News, phishing and social engineering were used in the attacks. The alleged Lazarus hackers posed as crypto company executives in emails and social media posts in order to communicate with companies they wanted to target.
After making contact, the attackers infected the internal systems of the target companies with malware and made off with cryptocurrency.
Lazarus was the lead suspect in a $100 million raid on Harmony Protocol.
Before making any arrests, authorities issued an advisory statement naming the suspect group—a measure that has only been taken five times in Japan’s history.
In addition, the joint statement provided some general security tips, advising potential targets to be cautious when opening emails or hyperlinks and to store their private keys offline.
The NPA said that some of the attacks were successful, but it didn’t say how much was stolen or what happened. The WannaCry ransomware attack in 2017, the Sony Pictures attack in 2014, and a series of cyber raids on pharmaceutical companies in 2020, including COVID-19 vaccine developer AstraZeneca, are all attributed to Lazarus, which has moved into crypto.
Lazarus also started stealing nine-figure sums of cryptocurrency this year. The group was linked in April to the historic attack on Sky Mavis’s Ethereum sidechain Ronin, which cost $622 million.
Then, in June, Lazarus was the main suspect in a raid on Harmony Protocol that cost $100 million.
Lazarus moves into crypto
Harmony’s Horizon bridge, a cross-chain link between Harmony and Ethereum, Binance Chain, and Bitcoin, was the target of the June breach. At the time, Elliptic’s analysis revealed that the similarities between the two cross-chain bridge attacks strongly suggest Lazarus’ involvement.
This year, Lazarus has also targeted crypto exchanges with malware-laden PDFs and fake job listings with links. Internet security researchers at ESET Labs discovered in August that a fictitious Coinbase job listing was actually a Trojan horse used by the group.
Lazarus carried out the attack once more last month by placing phony job advertisements on Crypto.com. One of the reasons cited by the U.S. Treasury for banning the crypto transaction privacy tool Tornado Cash was Lazarus Group’s documented use of it.