The notorious North Korea-backed hacking group Lazarus has been launching phishing campaigns against employees of Japanese cryptocurrency exchanges and successfully compromising businesses, Japan’s National Police Agency reported.
According to sources, the threat group contacted the employees via social networking websites and persuaded them to download the malicious program. The malware then retrieved the employees’ login information, stealing crypto from the company’s main accounts. The Japanese police and the Financial Services Agency of Japan have asked local cryptocurrency businesses to be on high alert for such attempts and to store their private keys offline.
Lazarus Group attacks Japanese crypto firms
The Japanese newspaper Yomiuri Shimbun reported that it is unusual for Japanese police to identify the perpetrators publicly before arresting them. However, in this case, Lazarus seems to be an exception, as the news will help other companies mitigate hacking attempts, preventing potential damage to the crypto markets.
Sources claim that the threat actor stole cryptocurrencies worth US$650 million through Sky Mavis’ Ronin Bridge and US$100 million from Harmony’s Horizon Bridge, among many others that fell victim to the hacking group.
The threat group previously targeted crypto job seekers on LinkedIn, where it ran the ‘Operation Dream Job’ campaign to lure victims into giving information. It later used that information to blackmail them. The North Korean-backed threat actors have also targeted banks in various nations, with a particular focus on crypto assets and firms associated with the exchange of cryptocurrencies, as per a report by Katsuyuki Okamoto of security firm Trend Micro.
The police have not revealed the compromised individuals or companies, and the concerned authorities are investigating the phishing attempts.
Lazarus Group’s strategy explained
As per Cryptopotato, the threat actor uses phishing attacks instead of launching front-end assaults against the companies or blockchains. The NPA has advised crypto-related companies and individuals who have invested in crypto to be more cautious about their activities on the internet. It has also urged crypto exchanges to strengthen their platforms to avoid falling prey to hackers.
The Japanese authorities have issued advisories about email attachments and advised companies not to open attachments they are not certain about. The advisory also suggested upgrading authentication procedures and implementing better security protocols for employers and users.