North Korea's Lazarus Attacks Local Japanese Crypto Companies: Details

Lazarus, the North Korea-backed hacker group, has been sending phishing emails to Japanese crypto exchange employees to infect their computers with malware, causing some companies to have their systems hacked and cryptocurrencies stolen, Japan’s National Police Agency announced last week. The police also said Lazarus had reached out to employees through social networking sites to persuade them to download the malware. Japanese police warned that the cyberattack group sends phishing emails to employees of a crypto firm, pretending to be an executive of the company.

In the public advisory statement issued on October 14, Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) sent a warning to the country’s crypto-asset businesses. They urged them to stay vigilant of “phishing” attacks by the hacking group aimed at stealing crypto assets.

The statement reveals that phishing emails pretending to conduct business transactions contain malware and target it through social networking sites with false accounts. The cyber-attack group then uses the malware as a foothold to gain access to the victim’s network to steal crypto assets.

As per the statement, phishing has been a common mode of attack used by North Korean hackers. The NPA and FSA have urged targeted companies to keep their “private keys in an offline environment” and to “not open email attachments or hyperlinks carelessly.”

The statement also added that individuals and businesses should not download files from unknown sources. They should only download from sources whose authenticity can be verified, especially for applications related to cryptographic assets.

The NPA also suggested that digital asset holders “install security software” and strengthen identity authentication mechanisms by “implementing multi-factor authentication.” They also suggested account holders not use the same password for multiple devices or services.

The NPA confirmed that several of these attacks have been successfully carried out against Japanese-based digital asset firms. However, they haven’t disclosed any specific details.

The Lazarus group have been accused of being the hackers behind the $650 million (roughly Rs. 5,355 crore) Ronin Bridge exploit in March, and were identified as suspects in the $100 million (roughly Rs. 824 crore) attack from layer-1 blockchain Harmony.