A cyberattack on the blockchain platform DeBridge Finance has been attributed to Lazarus, North Korea’s state-sponsored hacking group.
On Thursday, the co-founder of DeBridge Finance, Alex Smirnov, announced on Twitter that his company had been the victim of a cyberattack. He further revealed that the culprits are the Lazarus group and that their campaign is likely to spread.
DeBridge Finance is a blockchain platform that offers cross-chain liquidity and interoperability protocols for moving information and assets between blockchains.
North Korea’s Hackers Pose as Smirnov
First, the hackers posed as Smirnov and sent a malicious email in his name to members of the DeBridge Finance team. The content of the mail hinted at a new salary adjustment. The email spoofing attack used is the kind where a malicious email looks like it came from a trusted source, in this case the co-founder of the company.
Smirnov argued that one person must have downloaded the file and opened it, which led to an attack on the company’s internal systems. However, Smirnov added, “We have strict internal security policies and continuous work on improving them as well as educating the team about possible attack vectors.”
Furthermore, he said, “Fast analysis showed that the received code collects A LOT of information about the PC and exports it to [the attacker’s command center]: username, OS info, CPU info, network adapters, and running processes.”
Smirnov’s observations were compared with those of another Twitter user who identified similar activity and attributed it to North Korean hackers.
He advised his followers to develop an internal policy for how their team can share attachments. Additionally, he told them never to open email attachments without first verifying the sender’s full email address.
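The sender check advised above can be automated at the mail gateway. The following is an added example, not code from the article or from DeBridge Finance: it flags a message whose display name matches a protected staff member while the full address sits outside the company domain. The domain, the name list and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for illustration; replace with your own.
COMPANY_DOMAIN = "example-corp.test"
PROTECTED_NAMES = ["Alex Smirnov"]  # staff whose names an attacker may borrow

def name_key(name):
    """Case-, order- and punctuation-insensitive key for a display name."""
    return tuple(sorted(re.findall(r"[a-z]+", name.lower())))

PROTECTED_KEYS = {name_key(n) for n in PROTECTED_NAMES}

def check_sender(raw_message):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    if not address:
        # No usable From address at all: hold for review.
        findings.append("unparseable-from")
    elif name_key(display) in PROTECTED_KEYS and domain != COMPANY_DOMAIN:
        # Trusted name shown to the reader, untrusted address behind it.
        findings.append("protected-name-from-external-domain:" + domain)
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = """From: Alex Smirnov <alex.smirnov@payroll-notice.test>
To: team@example-corp.test
Subject: New Salary Adjustments

See attached.
"""
GENUINE = """From: Alex Smirnov <alex@example-corp.test>
To: team@example-corp.test
Subject: Weekly sync

Agenda inside.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```

The From header can itself be forged to show the company domain, so this check complements SPF, DKIM and DMARC enforcement rather than replacing it.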
Previously, the Lazarus Group allegedly stole $100 million in a crypto hack. According to Elliptic (a blockchain company), they breached Horizon Bridge and carted off about $100 million worth of cryptocurrencies. Authorities have accused these hackers of various crypto thefts, including the $610 million Ronin Bridge cyberattack.