Lazarus hackers target DeBridge Finance using email spoofing

Alex Smirnov, co-founder of DeBridge Finance, has revealed that the infamous North Korean Lazarus Group was behind an attempted cyberattack against the liquidity transfer protocol.

DeBridge provides a cross-chain interoperability and liquidity protocol for transferring data and assets between blockchains.

According to Smirnov, who also serves as the project lead, the attack was carried out via spoofed emails that impersonated him. The emails were received by multiple DeBridge staff and contained a PDF file called “New Salary Adjustments”.

Many team members quickly flagged the suspicious email, but unfortunately one of them downloaded and opened the file, compromising the company’s internal systems.

This initiated an investigation into the origin of the attack, how the hackers planned it, and potential consequences.

“With rapid analysis, the incoming code gathers a ton of information about your PC and uses it to [the attacker’s command center]: username, OS info, CPU info, network adapters and running processes,” Smirnov said.

Email spoofing is a type of cyberattack in which a hacker sends a manipulated email as if it originated from a trusted source.

“We have a strict internal security policy, we are continuously working to improve it, and we are educating our team on possible attack vectors,” Smirnov writes.

The DeBridge founder warned followers not to open email attachments without verifying the sender’s full email address, and to have an internal protocol for sharing attachments.
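The sender check Smirnov recommends can be partly automated at the mail gateway or in a triage script. The following Python check is an added example, not code from DeBridge or from the original article; the organisation domain `example.com`, the protected-name list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's own mail domain and the
# staff names an attacker is likely to impersonate.
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"alex smirnov"}

# Constructed sample messages (not taken from the incident).
SPOOFED = (
    "Authentication-Results: mx.example.com; spf=pass; dkim=none; dmarc=fail\n"
    'From: "Alex Smirnov" <alex.smirnov@payroll-mail.example>\n'
    "Reply-To: hr@other.example\n"
    "Subject: New Salary Adjustments\n\nSee attached.\n"
)
GENUINE = (
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Alex Smirnov" <alex@example.com>\n'
    "Subject: Team update\n\nHello.\n"
)


def check_sender(raw_message: str) -> list[str]:
    """Return the reasons a message's sender should not be trusted."""
    msg = message_from_string(raw_message)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()

    # A familiar display name in front of an outside address: mail clients
    # often show only the name, so the full address must be compared.
    if display.strip().lower() in PROTECTED_NAMES and domain != ORG_DOMAIN:
        findings.append(f"display name '{display}' used with external address {addr}")

    # Replies diverted to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append(f"Reply-To {reply_to} differs from From domain {domain}")

    # Authentication-Results is added by the receiving server (RFC 8601);
    # only trust the copy stamped by your own gateway.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            findings.append(f"{mech} check failed")
    return findings
```

An empty list means none of these three checks fired, not that the message is safe; attachments still need the internal sharing protocol the article mentions.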

Lazarus Group has gained notoriety through several high-profile cryptocurrency hacks, such as the $622 million Axie Infinity Ronin Ethereum sidechain hack in March and the Harmony Horizon Bridge hack in June.

Recently, North Korean hackers have been accused of breaking into job sites like LinkedIn and Indeed, stealing key information from real profiles, creating plagiarized resumes, and getting a job at a US cryptocurrency company.

These scammers were trying to secure employment at these companies as part of their larger goal of raising money for the regime of North Korean leader Kim Jong Un.

Experts also revealed that information gathered from cryptocurrency companies could be used by the North Korean government to study future cryptocurrency trends.

This information will help North Korea launder its cryptocurrency to evade Western sanctions.

In early 2021, the U.S. government issued a warning that North Korean citizens were trying to secure jobs in the international IT sector by posing as citizens of another country.

“[North Korea] Sending thousands of highly skilled IT workers around the world to generate revenues that contribute to weapons of mass destruction and ballistic missile programs, in violation of US and UN sanctions,” the advisory said.