- North Korea’s infamous Lazarus Group is mimicking venture capital firms and banks to steal cryptocurrencies, according to Kaspersky.
- The state-sponsored cybercrime group is creating domains that present themselves as well-known Japanese, US and Vietnamese companies.
- Lazarus was behind the $625 million Axie Infinity hack in April.
North Korea’s infamous Lazarus Group is mimicking venture capital firms and banks to steal cryptocurrency, according to a report from cybersecurity company Kaspersky.
The state-sponsored cybercrime group, which was behind the $625 million Axie Infinity hack in April, is creating domains that present themselves as well-known Japanese, US and Vietnamese companies.
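The lookalike domains described above are the kind of thing a security team can screen for on its own side: new domain registrations, certificate transparency entries or proxy logs can be compared against the firm's protected brand domains. The following is an added example written for this page, not code from the article or from Kaspersky's report; the protected domains and the candidate hostnames are constructed placeholders (the article does not name the impersonated companies), and the checker assumes simple two-label domains, so second-level public suffixes such as `co.jp` are not handled.

```python
import unicodedata
from dataclasses import dataclass
from typing import Optional

# Constructed placeholders for the brands a defender wants to protect.
# These are not the real firms referred to in the article.
PROTECTED_DOMAINS = ["examplevc.com", "samplebank.jp", "demoventures.vn"]

# Character substitutions that commonly survive a quick glance at a URL.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


@dataclass
class Match:
    candidate: str
    brand: str
    reason: str  # "tld_swap", "homoglyph", "typo" or "brand_embedded"


def normalize(text: str) -> str:
    """Lower-case, strip accents/non-ASCII and fold confusables: 'Examp1evc' -> 'examplevc'."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode().lower()
    for src, dst in CONFUSABLES.items():
        folded = folded.replace(src, dst)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute), one-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def second_level(domain: str) -> str:
    """Label just before the TLD. Assumption: no multi-label public suffixes."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def assess(candidate: str, protected=PROTECTED_DOMAINS) -> Optional[Match]:
    """Return a Match explaining why `candidate` resembles a protected brand, else None."""
    host = candidate.lower().rstrip(".")
    if host in protected:
        return None  # the genuine domain itself
    raw_sld = second_level(host)
    norm_sld = normalize(raw_sld)
    norm_host = normalize(host)
    for brand in protected:
        brand_raw = second_level(brand)
        brand_norm = normalize(brand_raw)
        if raw_sld == brand_raw:
            return Match(candidate, brand, "tld_swap")        # examplevc.net
        if norm_sld == brand_norm:
            return Match(candidate, brand, "homoglyph")       # examp1evc.com
        max_dist = 1 if len(brand_norm) < 8 else 2
        if levenshtein(norm_sld, brand_norm) <= max_dist:
            return Match(candidate, brand, "typo")            # exmplevc.com
        if brand_norm in norm_host:
            return Match(candidate, brand, "brand_embedded")  # examplevc-login.com
    return None


def scan(candidates):
    """Run assess() over a batch of hostnames and keep only the suspicious ones."""
    return [m for m in (assess(c) for c in candidates) if m]


if __name__ == "__main__":
    # Constructed sample of hostnames as they might appear in a CT log or proxy feed.
    sample = ["examplevc.com", "examplevc.net", "examp1evc.com", "exmplevc.com",
              "examplevc-login.com", "login.sarnplebank.jp", "unrelated.com"]
    for m in scan(sample):
        print(f"{m.candidate:24} -> {m.brand:16} {m.reason}")
```

Each hit carries the reason it was flagged, so an analyst can triage `tld_swap` and `homoglyph` results (near-certain impersonation) ahead of `typo` and `brand_embedded` ones, which need a look at the registrant and content before blocking.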
Kaspersky said Lazarus’ BlueNoroff subgroup is using new types of malware delivery methods that bypass security warnings about downloading content. They can then “intercept large cryptocurrency transfers, changing the recipient’s address, and pushing the transfer amount to the limit, essentially draining the account in a single transaction.”
While BlueNoroff has been quiet for most of the year, Kaspersky researchers said there’s been a recent uptick in activity. The FBI flagged the North Korean group in an alert in April.
Kaspersky’s lead security researcher said in a statement that 2023 will be marked by cyberattacks of unprecedented strength, and companies must work diligently to bolster security measures.
Hackers will become increasingly sophisticated
Ari Redbord, head of legal and government affairs at blockchain analytics firm TRM Labs, estimated that North Korea was responsible for more than $1 billion of the record $3.7 billion that crypto hackers around the globe swindled over the past year.
“When you’re talking about billions of dollars and North Korea, you’re talking about a country with essentially no GDP, so they’ve essentially created an economy laundering cryptocurrency and we know those funds aren’t going to fund a lifestyle,” Redbord told Insider. “They’ll be used for nuclear proliferation or ballistic missile systems. In 2022, these hacks moved from being a law enforcement issue to being a national security issue.”
In his view, 2022 was the year of the hack. While FTX’s crash and the so-called crypto winter dominated headlines, more pressing has been the crypto businesses getting attacked at an “alarming speed and scale.”
Over recent months, hackers have impersonated job recruiters and targeted specific individuals who had access to private keys. They’ve also used initial token offerings and social media to launch attacks, Redbord added.
He said North Korean crypto hackers seek out two key characteristics in targets: a high volume of liquidity and vulnerable cyberdefenses. Because of the nascent nature of the space, crypto companies exemplify both.
“The tactics North Korea are engaging in are becoming more sophisticated,” Redbord said. “There’s a sense out there that ‘phishing’ means casting a wide net, but the reality is these are extremely targeted, highly sophisticated activities.”