Skip to main content

North Korean hackers are targeting crypto workers

Hackers believed to be associated with the North Korean-based cybercriminal group Lazarus have attempted yet another digital heist by targeting cryptocurrency firm deBridge Finance.

As reported by Bleeping Computer, deBridge operates as a “liquidity transfer protocol that allows decentralized transfer of data and assets” between multiple blockchain platforms.

A hand on a laptop in a dark surrounding.
Image used with permission by copyright holder

That fact alone was reason enough for Lazarus to reportedly make the company its latest target. The breach was attempted by sending a phishing email to employees. If opened, it would infect the system with malware, subsequently allowing it to obtain sensitive information from Windows-powered devices in the network.

It would also lay the groundwork for another round of malicious code to be activated at an advanced stage of the cyber attack.

Employees of deBridge Finance received an email last week from the hackers, who posed as the firm’s co-founder, Alex Smirnov. The email contained bogus details about “new salary adjustments” via a HTML file.

That file was masked as a PDF, joined by a Windows shortcut file (.LNK) that tried to lure victims in by posing as a password text file.

Once the doctored PDF file is opened, a cloud storage location is subsequently launched, prompting the user to refer back to the fake text file for a password. From here, the LNK file connects to the Command Prompt with a command that retrieves and loads a payload that is stored remotely.

With the hackers now breaching the system with its malware, it could obtain relevant information about the target system such as the username, operating system, CPU, network adapters, and running processes.

Although the majority of employees who saw the email reported it as suspicious, one individual was unaware of the misleading nature of the contents. Once that employee downloaded and opened the fake document, Smirnov said he was able to examine the attack itself.

North Korean hackers from the Lazarus group are suspected to be behind this particular incident due to the similarity in file names and infrastructure discovered in an earlier attack.

The Lazarus group has certainly been active as of late. It recently tried to trick crypto experts with a similar email campaign by posing as cryptocurrency exchange Coinbase. Elsewhere, the hackers were linked to a huge $617 million crypto heist earlier this year.

Editors' Recommendations

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
In the age of ChatGPT, Macs are under malware assault
A person using a laptop with a set of code seen on the display.

It's common knowledge -- Macs are less prone to malware than their Windows counterparts. That still holds true today, but the rise of ChatGPT and other AI tools is challenging the status quo, with even the FBI warning of its far-reaching implications for cybersecurity.

That may be why software developer Macpaw launched its own cybersecurity division -- dubbed Moonlock -- specifically to fight Mac malware. We spoke to Oleg Stukalenko, Lead Product Manager at Moonlock, to find out whether Mac malware is on the rise, and if ChatGPT could give hackers a massive advantage over everyday users.
State-sponsored attacks

Read more
Hackers are using AI to create vicious malware, says FBI
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

The FBI has warned that hackers are running wild with generative artificial intelligence (AI) tools like ChatGPT, quickly creating malicious code and launching cybercrime sprees that would have taken far more effort in the past.

The FBI detailed its concerns on a call with journalists and explained that AI chatbots have fuelled all kinds of illicit activity, from scammers and fraudsters perfecting their techniques to terrorists consulting the tools on how to launch more damaging chemical attacks.

Read more
DOJ’s new NatSec Cyber unit to boost fight against state-backed hackers
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Eyeing the increasing threat of damaging cyberattacks by hackers backed by hostile foreign states, the U.S. Justice Department (DOJ) on Tuesday announced the creation of the National Security Cyber Section -- aka NatSec Cyber -- within its National Security Division (NSD).

Hackers operating out of countries like China, Russia, and North Korea seek to cause disruption across a wide range of sectors, steal government and trade secrets, spy on targets, and raise revenue via extortion. Such nefarious activities have long been a concern for those overseeing U.S. national security, and the DOJ’s new unit aims to improve the efficiency of tackling the perpetrators’ operations.

Read more