
North Korean hackers are targeting crypto workers

Hackers believed to be associated with the North Korean-based cybercriminal group Lazarus have attempted yet another digital heist by targeting cryptocurrency firm deBridge Finance.

As reported by Bleeping Computer, deBridge operates as a “liquidity transfer protocol that allows decentralized transfer of data and assets” between multiple blockchain platforms.


That fact alone was reason enough for Lazarus to reportedly make the company its latest target. The breach was attempted by sending a phishing email to employees. If opened, the attachment would install malware that could then collect sensitive information from Windows devices on the network.

It would also lay the groundwork for another round of malicious code to be activated at an advanced stage of the cyber attack.

Employees of deBridge Finance received an email last week from the hackers, who posed as the firm’s co-founder, Alex Smirnov. The email delivered bogus details about “new salary adjustments” in an HTML file.

That file was masked as a PDF, joined by a Windows shortcut file (.LNK) that tried to lure victims in by posing as a password text file.

Once the fake PDF (the HTML file) is opened, it launches a cloud storage location that prompts the user to refer back to the fake text file for a password. Opening that file instead runs the LNK, which launches a Command Prompt command that retrieves and loads a payload stored remotely.

Once the malware is running on the system, it can collect information about the target machine such as the username, operating system, CPU, network adapters, and running processes.
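The two disguises described above (an HTML file presented as a PDF, and a Windows shortcut presented as a password text file) are both detectable by comparing what an attachment's name claims with what its leading bytes actually are. The following Python script is an added example, not code from deBridge, Bleeping Computer or the article; the sample attachments are constructed inline and the LNK sample is only a header, not a working shortcut.

```python
"""Attachment triage: flag mail attachments whose declared type does not match their content.

Added example illustrating the lure described in the article. Sample attachments
are constructed here; nothing is read from disk.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Magic values taken from the file formats themselves:
#   PDF files begin with "%PDF-".
#   Shell link (.lnk) files begin with HeaderSize 0x4C followed by the
#   link CLSID 00021401-0000-0000-C000-000000000046 in little-endian layout.
PDF_MAGIC = b"%PDF-"
LNK_MAGIC = bytes.fromhex("4C000000" "01140200" "00000000" "C0000000" "00000046")
# HTML: optional UTF-8 BOM / whitespace, then a doctype, <html> or <script> tag.
HTML_RE = re.compile(rb"^\s*(?:\xef\xbb\xbf)?\s*<(?:!doctype\s+html|html|script)", re.IGNORECASE)

EXT_TO_TYPE = {"pdf": "pdf", "html": "html", "htm": "html", "lnk": "lnk", "txt": "txt"}
# Extensions commonly placed before the real one to make a lure look harmless.
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "jpg", "png"}


@dataclass
class Attachment:
    name: str
    data: bytes


def sniff(data: bytes) -> str:
    """Infer the content type from leading bytes, ignoring the file name."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if HTML_RE.match(data[:512]):
        return "html"
    return "unknown"


def declared_type(name: str) -> str:
    """Type the file name claims, taken from its last extension."""
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    return EXT_TO_TYPE.get(ext, "unknown")


def triage(att: Attachment) -> list[str]:
    """Return the reasons an attachment should be quarantined; an empty list means clean."""
    reasons: list[str] = []
    actual = sniff(att.data)
    declared = declared_type(att.name)

    if actual != "unknown" and declared != "unknown" and actual != declared:
        reasons.append(f"content is {actual} but name claims {declared}")

    if actual == "lnk":
        # Explorer never displays the .lnk extension, so "password.txt.lnk"
        # renders as "password.txt"; a shortcut arriving by mail is a lure regardless of name.
        reasons.append("windows shortcut (.lnk) delivered as mail attachment")

    parts = att.name.lower().split(".")
    if len(parts) > 2 and parts[-2] in DECOY_EXTS:
        reasons.append("double extension hides real file type")

    return reasons


# Constructed samples mirroring the article's lure: a fake "PDF" that is really
# HTML, a shortcut posing as a password text file, and a genuine PDF for contrast.
SAMPLES = [
    Attachment("New_Salary_Adjustments.pdf",
               b"<!DOCTYPE html><html><body>See password.txt to open this document</body></html>"),
    Attachment("password.txt.lnk", LNK_MAGIC + b"\x00" * 40),
    Attachment("invoice.pdf", b"%PDF-1.7\n% constructed sample, not a full PDF\n"),
]


def run_triage(attachments: list[Attachment] = SAMPLES) -> dict[str, list[str]]:
    """Map each attachment name to its quarantine reasons."""
    return {att.name: triage(att) for att in attachments}


if __name__ == "__main__":
    for name, reasons in run_triage().items():
        verdict = "QUARANTINE" if reasons else "clean"
        print(f"{name}: {verdict}")
        for r in reasons:
            print(f"    - {r}")
```

Content sniffing is what makes this useful at a mail gateway: the fake "PDF" fails the `%PDF-` check no matter how it is named, and the shortcut is caught by its header even though Windows would hide its `.lnk` extension from the recipient.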

Although the majority of employees who saw the email reported it as suspicious, one individual was unaware of the misleading nature of the contents. Once that employee downloaded and opened the fake document, Smirnov said he was able to examine the attack itself.

North Korean hackers from the Lazarus group are suspected to be behind this particular incident due to the similarity in file names and infrastructure discovered in an earlier attack.

The Lazarus group has certainly been active as of late. It recently tried to trick crypto experts with a similar email campaign by posing as cryptocurrency exchange Coinbase. Elsewhere, the hackers were linked to a huge $617 million crypto heist earlier this year.

Zak Islam
Computing Writer