Wed 20 Apr 2022 ▪ 13:00
The FBI and the US Treasury Department recently named the group behind the Ronin hack: Lazarus Group. It is a North Korean entity bringing together hackers who deliberately target cryptocurrency exchanges, DeFi protocols and Play-to-Earn games. Even wealthy individuals are on their target list.
Lazarus’ crypto hacking method unveiled
How about we start our presentation with a little quiz?
Who am I? I have been credited with the Bangladesh Bank cyberattack, the Sony Pictures and WannaCry attacks and, most recently, the hack of the Ronin Bridge (Axie Infinity). I am Lazarus Group, whose name frequently comes up among FBI agents and Treasury Department officials. Often, the name of President Kim Jong-un is mentioned among the beneficiaries of the loot stolen by the team.
Moreover, the FBI and the Treasury Department have issued a new alert against this group of North Korean cybercriminals. At the same time, these institutions have made Lazarus' modus operandi public and invited companies to fix the weaknesses it exploits.
The joint statement of the two American institutions describes the process as follows:
- luring victims into downloading "trojanized" crypto applications that look authentic, which the US government calls "TraderTraitor";
- taking control of the victim's computer;
- distribution of malware;
- theft of private keys.
Here is an excerpt from the announcement:
« These actors will likely continue to exploit the vulnerabilities of cryptocurrency technology companies, gaming companies and stock exchanges to generate and launder capital in order to support the North Korean regime. »
Often, the Lazarus Group chooses system administrators or software developers as victims. The group sends them messages presented as tempting job offers. After receiving one, these people go on to download the kind of application mentioned above. And you know the rest.
The recommendations of the Treasury Department and the FBI for companies concerned about their security are numerous. Among them:
- the use of separate networks in order to limit the scope of the attack;
- the establishment of "a timely vulnerability and patch management program";
- educating employees on how social engineering attacks manifest themselves;
- the provision of training offers on the warning signs of social engineering;
- vigilance against links and attachments from suspicious senders.
Companies have also been warned that the Lazarus Group is in the habit of compromising email addresses and social media accounts. Staff members are therefore invited to change their passwords regularly and not to skimp on the use of multifactor authentication, which adds another layer of defense.
This warning comes at the right time, in a context where the Lazarus Group has caused a stir in the crypto community. Why "a stir"? Because the attack on Ronin, the blockchain powering Axie Infinity, is said to be the most devastating in the history of cryptocurrencies.
Source: CoinMarketCap