Alex Smirnov, co-founder and project manager at DeBridge Finance, announced on Twitter on Friday that his company had been the target of an attempted cyberattack attributed to the North Korean Lazarus Group.
DeBridge operates a cross-chain liquidity and interoperability protocol for moving data and assets between blockchains.
The attack began with a spoofed email sent to many DeBridge team members. It carried a PDF attachment titled “New Salary Adjustments” and purported to come from Smirnov himself.
Email spoofing is an attack in which a malicious email is crafted to appear as though it came from a trusted source, in this case the company's co-founder: the forged display name or sender address is the lure, and the attachment is the payload.
Smirnov stated, “We have stringent internal security standards and continually work on enhancing them and training the team about potential attack vectors.”
Despite this, Smirnov said, one team member downloaded and opened the file, which triggered the attack on the company's internal systems. That prompted an investigation into the source of the attack, its intended functionality, and any possible consequences.
According to Smirnov, a quick analysis showed that the malware collected a large amount of host information and exfiltrated it to the attacker's command-and-control server: the username, operating system details, CPU information, network adapters, and running processes.
Smirnov compared what DeBridge observed with a Twitter thread by another user describing similar characteristics, which attributed them to the North Korean hacking group.
15/ According to the Twitter thread https://t.co/5YThfumjZD files with the same names (but different hashes) were noticed and attributed to Lazarus Group (North-Korean hackers). (August 5, 2022)
Smirnov advised his followers to set an internal policy for how their team shares attachments, and never to open an attachment without verifying the sender's full email address.
18/ TL;DR: Never open email attachments without verifying the sender’s full email address, and have an internal protocol for how your team shares attachments!
Please stay SAFU and share this thread to let everyone know about potential attacks 🔐 🤝 (August 5, 2022)
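The checks behind that advice (does the full sender address actually belong to the person named, is it on the company's own domain, did the receiving mail server's SPF/DKIM/DMARC checks pass, and is there an attachment of a type commonly used as a lure) can be automated at the mail gateway or surfaced as a warning banner. The Python script below is an added example written for this article, not code from DeBridge or from the tweets it quotes. The domains company.example and c0mpany.example, the staff directory entry, the Authentication-Results values and both sample messages are constructed for illustration; nothing here is DeBridge's real infrastructure.

```python
"""Added example: triage an inbound email for the sender-spoofing pattern
described in the article. All domains, addresses and messages below are
constructed for illustration; nothing here is DeBridge's real infrastructure."""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAIN = "company.example"                        # hypothetical company domain
KNOWN_SENDERS = {"alex smirnov": "alex@company.example"}  # hypothetical staff directory
LURE_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".zip", ".iso", ".lnk", ".exe"}


def auth_verdicts(msg):
    """Extract spf/dkim/dmarc results from the Authentication-Results headers
    that the receiving mail server stamped on the message."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", str(header), re.IGNORECASE):
            verdicts[m.group(1).lower()] = m.group(2).lower()
    return verdicts


def check_message(raw):
    """Return a list of human-readable findings; an empty list means the
    message passed every check in this example."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    display_name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""

    # 1. The visible name claims to be a known person; the real address must agree.
    expected = KNOWN_SENDERS.get(display_name.strip().lower())
    if expected and expected != addr:
        findings.append(f"display name {display_name!r} belongs to {expected}, but From is {addr}")

    # 2. The full address must be on the company's own domain (look-alike domains fail here).
    if domain != TRUSTED_DOMAIN:
        findings.append(f"sender domain {domain!r} is not {TRUSTED_DOMAIN!r}")

    # 3. A Reply-To that diverts replies elsewhere is a classic spoofing tell.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.lower() != addr:
        findings.append(f"Reply-To {reply_to} differs from From {addr}")

    # 4. Sender-authentication verdicts recorded by the receiving mail server.
    verdicts = auth_verdicts(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech} did not pass (verdict: {verdicts.get(mech, 'missing')})")

    # 5. Attachments of lure-friendly types need out-of-band confirmation with the sender.
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        if ext in LURE_EXTENSIONS:
            findings.append(f"attachment {filename!r} ({part.get_content_type()}) "
                            "requires verification with the sender")
    return findings


def build_sample(from_header, auth_results, with_pdf):
    """Construct a sample message (test data for this example, not a real capture)."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "team@company.example"
    m["Subject"] = "New Salary Adjustments"
    m["Authentication-Results"] = auth_results
    m.set_content("Please review the attached salary adjustments before Monday.")
    if with_pdf:
        m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                         subtype="pdf", filename="New Salary Adjustments.pdf")
    return m.as_string()


# Constructed spoofed lure: look-alike domain, failed authentication, PDF attachment.
SPOOFED = build_sample(
    '"Alex Smirnov" <alex@c0mpany.example>',
    "mx.company.example; spf=fail smtp.mailfrom=c0mpany.example; dkim=none; dmarc=fail",
    with_pdf=True)

# Constructed genuine message from the same person: right domain, all checks pass, no attachment.
GENUINE = build_sample(
    '"Alex Smirnov" <alex@company.example>',
    "mx.company.example; spf=pass smtp.mailfrom=company.example; "
    "dkim=pass header.d=company.example; dmarc=pass",
    with_pdf=False)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_message(raw) or ["no findings"])
```

Run as a script, the spoofed sample produces six findings (name/address mismatch, look-alike domain, three failed authentication mechanisms, and the PDF attachment) while the genuine one produces none. The display-name check is the one that matters most for the lure described in the article: a message can pass SPF and DKIM for the attacker's own look-alike domain, so authentication results alone do not tell you the "co-founder" in the From line is really him.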
Lazarus Group Alleged to be Behind Several Hacks
Several major cryptocurrency thefts, including the $622 million compromise of Axie Infinity's Ronin Ethereum sidechain in March and the Harmony Horizon Bridge hack in June, have been attributed to the Lazarus Group.
“These assaults are frequent,” observes David Schwed, CEO of Halborn, a company that provides blockchain security. “By giving files names that would catch people’s attention, such as salary information, they prey on people’s natural curiosity.”
Given the higher stakes created by the irreversibility of blockchain transactions, Schwed continued, “We are witnessing an increasing number of these types of attacks explicitly targeting blockchain organizations.”