According to Alex Smirnov, co-founder of DeBridge Finance, the notorious North Korean hacking syndicate Lazarus Group has attempted a cyber attack on DeBridge. Smirnov warned Web3 teams that the campaign is likely to be widespread.
The Lazarus Group is suspected of attacking DeBridge Finance team members via malicious group emails.
Attacks against decentralized finance (DeFi) protocols such as cross-chain bridges were very common in 2022. Most of the attackers remain unidentified, but the North Korean hacking group Lazarus Group is suspected of being behind many DeFi exploits.
In mid-April 2022, the Federal Bureau of Investigation (FBI), the U.S. Treasury Department, and the Cybersecurity and Infrastructure Security Administration (CISA) stated that the Lazarus Group was a threat to the crypto industry and its participants. One week after the FBI's warning, the U.S. Treasury's Office of Foreign Assets Control Bureau (OFAC) added three Ethereum-based addresses to the Specially Designated Nationals and Blocked Persons List (SDN).
OFAC claimed that the group of Ethereum addresses was maintained by members of the cybercrime syndicate Lazarus Group. Additionally, OFAC linked the flagged Ethereum address, tied to the Ronin bridge exploit (the $620M Axie Infinity hack), to a group of North Korean hackers. On Friday, Alex Smirnov, co-founder of DeBridge Finance, warned the crypto and Web3 community about the Lazarus Group's alleged attempt to attack the project.
"DeBridge Finance is clearly the target of an attempted cyber attack by the Lazarus Group, a PSA against the entire Web3 team, and we believe this campaign is far-reaching," Smirnov stressed in a tweet.
"The attack vector was email, and several of our team members received a PDF file entitled 'New Salary Adjustment' from an email address that impersonated me. We have a strict internal security policy and are continuously working to improve it and educate our team on possible attack vectors," Smirnov continued.
Most team members immediately reported the suspicious email, but one colleague downloaded and opened the file. This led us to investigate the attack vector and understand how exactly it worked and what the consequences were.
Smirnov claimed that the attack does not infect macOS users, but when Windows users open the password-protected PDF, they are prompted for a password. "The attack vector is: user opens [link] from email -> downloads & opens archive -> tries to open PDF, PDF asks for password -> user opens password.txt.lnk and infects the entire system," Smirnov tweeted.
Smirnov said that, according to this Twitter thread, the file included in the attack against the DeBridge Finance team had the same name and was "attributed to Lazarus Group." DeBridge Finance executives concluded:
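The lure Smirnov describes has two halves that can be checked for together on the mail gateway or in a sandbox: a PDF that demands a password on open, and a Windows shortcut (`.lnk`) disguised with a decoy inner extension such as `password.txt.lnk`. The following detector is an added example written for this article, not DeBridge's own tooling; the archive it scans is a constructed sample with a header-only shortcut and no real payload.

```python
"""Flag ZIP archives carrying the 'encrypted PDF + password.txt.lnk' lure (added example)."""
import io
import posixpath
import zipfile

LNK_MAGIC = b"\x4c\x00\x00\x00"   # Shell Link header: HeaderSize 0x4C, little-endian
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def disguised_lnk(name: str) -> bool:
    """True for names like 'password.txt.lnk' (a decoy extension before .lnk)."""
    base = posixpath.basename(name).lower()
    if not base.endswith(".lnk"):
        return False
    return posixpath.splitext(base[:-4])[1] in DECOY_EXTS

def pdf_is_encrypted(data: bytes) -> bool:
    """Cheap check: a password-protected PDF carries an /Encrypt entry in its trailer."""
    return data.startswith(b"%PDF") and b"/Encrypt" in data

def scan_archive(blob: bytes) -> dict:
    """Inspect an in-memory ZIP; 'suspicious' is True only when both halves are present."""
    findings = {"disguised_lnk": [], "encrypted_pdf": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            # Flag by name (double extension) or by content (real .lnk header),
            # so renaming the shortcut does not defeat the check.
            if disguised_lnk(info.filename) or data.startswith(LNK_MAGIC):
                findings["disguised_lnk"].append(info.filename)
            elif info.filename.lower().endswith(".pdf") and pdf_is_encrypted(data):
                findings["encrypted_pdf"].append(info.filename)
    findings["suspicious"] = bool(findings["disguised_lnk"] and findings["encrypted_pdf"])
    return findings

def build_sample() -> bytes:
    """Constructed sample mimicking the reported archive layout (no real payload)."""
    fake_pdf = b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\ntrailer<</Encrypt 2 0 R>>\n%%EOF\n"
    fake_lnk = LNK_MAGIC + b"\x01\x14\x02\x00" + b"\x00" * 60   # header bytes only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Salary Adjustment.pdf", fake_pdf)
        zf.writestr("password.txt.lnk", fake_lnk)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_archive(build_sample()))
```

On the constructed sample the scan reports both the disguised shortcut and the encrypted PDF and marks the archive suspicious; a legitimate encrypted PDF shipped without a shortcut is not flagged.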
Never open an email attachment without verifying the sender’s full email address and have internal policies on how your team shares attachments; keep up with SAFU and share this thread to let everyone know about the potential attack.
The Lazarus Group, and hackers in general, make a lot of money targeting DeFi projects and the cryptocurrency industry. Members of the crypto industry are considered targets because many companies are dealing with finances, an assortment of assets, and investments.