BitMEX said it has thwarted a phishing attempt by the Lazarus Group, describing the attempt as the use of “non-advanced” phishing methods by the notorious North Korea-linked group.
In a blog post published on 30 May, the crypto exchange described how an employee was approached via LinkedIn under the guise of a web3 NFT collaboration.
The attacker tried to lure the target into running a GitHub project containing malicious code on their computer, a tactic that, according to the company, has become characteristic of Lazarus’ activities.
“The interaction is almost familiar if you are acquainted with the tactics of Lazarus,” BitMEX wrote, adding that its security team quickly identified the obfuscated JavaScript payload and traced it to infrastructure previously linked to the group.
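The lure described above, a repository the target is asked to run, is something a security team can screen for before anyone executes it. The following Python script is an added illustration, not BitMEX's own tooling and not code from the original article. It assumes the lure is a Node.js project: files are supplied as a path-to-source mapping (as if read from a fresh clone), and lifecycle scripts in package.json are treated as code that would run on `npm install`. The indicator names, thresholds and sample files are all constructed for the example.

```python
"""Screen a cloned JavaScript project for obfuscation indicators before running it.

Added, illustrative example (not BitMEX's tooling). It assumes the lure is a
Node.js project: files are given as a {path: source} mapping, as if read from
a fresh clone, and lifecycle scripts in package.json are treated as code that
would execute on `npm install`. Sample contents below are constructed.
"""
import json
import math
import re
from collections import Counter

# Heuristics, each a (name, compiled regex). These flag *indicators*, not proof.
PATTERNS = [
    ("eval_or_function_ctor", re.compile(r"\b(eval|Function)\s*\(|new\s+Function\s*\(")),
    ("base64_decode", re.compile(r"atob\s*\(|Buffer\.from\s*\([^)]*['\"]base64['\"]")),
    ("long_base64_literal", re.compile(r"['\"][A-Za-z0-9+/]{40,}={0,2}['\"]")),
    ("hex_escape_run", re.compile(r"(\\x[0-9a-fA-F]{2}){8,}")),
    ("obfuscator_identifier", re.compile(r"\b_0x[0-9a-fA-F]{4,}\b")),
]
# npm runs these automatically during `npm install`, so they deserve a look.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
ENTROPY_THRESHOLD = 4.8  # bits/char; English text sits near 4.0, random base64 near 6.0


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_js(source: str) -> list[str]:
    """Return the names of indicators found in one JavaScript source file."""
    hits = [name for name, rx in PATTERNS if rx.search(source)]
    # Flag long string literals whose entropy looks like packed/encoded data.
    for lit in re.findall(r"['\"]([^'\"\n]{32,})['\"]", source):
        if shannon_entropy(lit) > ENTROPY_THRESHOLD:
            hits.append("high_entropy_literal")
            break
    return hits


def scan_package_json(source: str) -> list[str]:
    """Flag lifecycle scripts that run automatically on install."""
    try:
        scripts = json.loads(source).get("scripts", {})
    except (ValueError, AttributeError):
        return ["unparseable_package_json"]
    return [f"install_hook:{hook}" for hook in INSTALL_HOOKS if hook in scripts]


def scan_repo(files: dict[str, str]) -> dict[str, list[str]]:
    """Map each flagged path to its indicators; clean files are omitted."""
    report = {}
    for path, source in files.items():
        if path.endswith("package.json"):
            hits = scan_package_json(source)
        elif path.endswith((".js", ".mjs", ".cjs", ".ts")):
            hits = scan_js(source)
        else:
            continue
        if hits:
            report[path] = hits
    return report


# Constructed sample clone: a benign helper, a package.json with an install hook,
# and a file carrying the kind of obfuscation the article describes.
SAMPLE_REPO = {
    "src/utils.js": "export function add(a, b) {\n  return a + b;\n}\n",
    "package.json": json.dumps({"name": "nft-demo", "scripts": {"postinstall": "node src/config.js"}}),
    "src/config.js": (
        "const _0x4f2a = 'aGVsbG8gd29ybGQgdGhpcyBpcyBhIGxvbmcgYmFzZTY0IGJsb2IgdGhhdCBkZWNvZGVzIHRvIHRleHQ=';\n"
        "eval(Buffer.from(_0x4f2a, 'base64').toString());\n"
    ),
}

if __name__ == "__main__":
    for path, hits in scan_repo(SAMPLE_REPO).items():
        print(f"{path}: {', '.join(hits)}")
```

The point of the design is that a flagged file stops the review, not the analysis: anything listed by `scan_repo` should be opened in an isolated environment (a throwaway VM or container with no credentials mounted), never on the employee's workstation, which is exactly the outcome the lure depends on.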
A likely operational-security failure also revealed that one of the IP addresses tied to the North Korean activity was located in the city of Jiaxing, China, about 100 km from Shanghai.
“A common pattern in their most important operations is the use of relatively non-advanced methods, often starting with phishing, to get a foothold in the systems of their target,” BitMEX wrote.
Investigation of other attacks has also indicated that North Korea’s hacking efforts are probably divided into several subgroups with different levels of technical sophistication.
“This can be observed in the many documented examples of poor practices coming from these ‘frontline’ groups that carry out social engineering attacks, compared to the more advanced post-exploitation techniques used in some of these well-known hacks,” it said.
The Lazarus Group is an umbrella term used by cybersecurity firms and Western intelligence services to describe various hacking teams operating under the direction of the North Korean regime.
In 2024, Chainalysis attributed $1.34 billion in stolen crypto to North Korean actors, accounting for 61% of all thefts that year across 47 incidents, a record high and a 102% increase over the previous year’s total of $660 million.
Still a threat
But as Nominis founder and CEO Snir Levi warns, growing knowledge of the Lazarus Group’s tactics does not necessarily make them less of a threat.
“The Lazarus group uses several techniques to steal cryptocurrencies,” he told Decrypt. “Based on the complaints we collect from individuals, we can assume that they try to cheat people every day.”
The scale of some of their attempts has been shocking.
In February, hackers drained more than $1.4 billion from Bybit, an attack made possible by the group tricking an employee at Safe Wallet into running malicious code on their computer.
“Even the Bybit hack started with social engineering,” said Levi.
Other campaigns include Radiant Capital, where a contractor was compromised through a malicious PDF file that installed a backdoor.
The attack methods range from basic phishing and fake offers to advanced post-access tactics, such as smart contract exploits and cloud infrastructure manipulation.
The BitMEX disclosure adds to a growing body of evidence documenting the Lazarus Group’s multi-layered strategies. It follows another report from Kraken in May, in which the company described an attempt by a North Korean operative to get hired.
U.S. and international officials have said that North Korea uses crypto theft to finance its weapons programs, with some reports estimating that it may supply up to half of the regime’s missile development budget.
Edited by Sebastian Sinclair