PWSHub
Themes: Pagination size: Use the left or right arrow keys to navigate between pages 😉You can swipe to left or right to navigate between pages 😉

North Korean Hackers Behind DeBridge Finance Attack: Co-Founder - Decrypt

[decrypt.co]1 week agobyDecrypt / Jason Nelson

Alex Smirnov, co-founder and project lead at DeBridge Finance, took to Twitter on Friday to report that his company was the target of an attempted cyberattack by the infamous North Korean Lazarus Group.

DeBridge provides a cross-chain interoperability and liquidity protocol for transferring data and assets between blockchains.

The attack came via a spoofed email received by several DeBridge team members that contained a PDF file named "New Salary Adjustments," which appeared to come from Smirnov.

Email spoofing is a form of attack where a malicious email is manipulated to seem as if it originated from a trusted source, in this case, from the firm’s co-founder.

"We have strict internal security policies and continuously work on improving them as well as educating the team about possible attack vectors," Smirnov wrote.

Even so, Smirnov explained, one person downloaded and opened the file, which triggered an attack on the firm’s internal systems. This prompted an investigation into the attack's origin, how the hackers intended the attack to work, and any potential consequences.

"Fast analysis showed that received code collects A LOT of information about the PC and exports it to [the attacker's command center]: username, OS info, CPU info, network adapters, and running processes," Smirnov said.

Smirnov compared what DeBridge saw with another Twitter post by another user that showed similar characteristics and pointed to the North Korean hacker group.

15/ According to the Twitter thread https://t.co/5YThfumjZD files with the same names (but different hashes) were noticed and attributed to Lazarus Group (North-Korean hackers).

— deAlex (@AlexSmirnov__) August 5, 2022

Smirnov warned his followers to never open email attachments without verifying the sender's full email address and to have an internal protocol for how their team shares attachments.

18/ TL;DR: Never open email attachments without verifying the sender’s full email address, and have an internal protocol for how your team shares attachments!

Please stay SAFU and share this thread to let everyone know about potential attacks 🔐 🤝

— deAlex (@AlexSmirnov__) August 5, 2022

The Lazarus Group has allegedly been behind several high-profile crypto hacks, including the $622 million Axie Infinity Ronin Ethereum sidechain hack in March and the Harmony Horizon Bridge hack in June.

¨These types of attacks are fairly common," notes David Schwed, chief operating officer of blockchain security firm Halborn. "They rely on the inquisitive nature of people by naming the files something that would pique their interest, such as salary information.

"We are seeing more and more of these types of attacks specifically targeting blockchain companies given the heightened stakes due to the immutability of blockchain transactions," Schwed added.

Stay on top of crypto news, get daily updates in your inbox.

https://decrypt.co/106851/debridge-finance-targeted-by-north-korean-hackers-ceo-says

Related articles:

[ambcrypto.com] XRP's near-term trajectory can be dictated by the b...[bitcoin.com] Bitcoin Price Outlook for August: BTC Faces Some Important Tests in the Coming Weeks – Market Updates Bitcoin News[newsbtc.com] What Is FLOW Blockchain And Why Is The Price Up 100% In The Last 24 Hours?[dailyhodl.com] Popular Crypto Trader Forecasts What’s Next for Bitcoin (BTC), ApeCoin (APE) and Two Ethereum-Based Altcoins - The Daily Hodl[dailyhodl.com] Coinbase Scrutiny Ratcheting Up As the Leading US Crypto Exchange Is Hit With Two New Lawsuits - The Daily Hodl