- Japan’s NPA and FSA have urged crypto firms to be vigilant against “phishing” attacks by the Lazarus Group.
- They also advised installing better security software and strengthening authentication methods when dealing with digital assets.
- Police claim that Lazarus Group utilizes social engineering to plan phishing attacks, posing as leaders of a target business to try to trick staff into clicking on harmful links or attachments.
North Korea’s Lazarus Group is infamous as the mastermind of several recent crypto hacks that have rocked the web3 space. In their latest public advisory statement, Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) warned crypto firms to stay vigilant against “phishing” attacks by the Lazarus Group.
According to the Japanese police statement, the Lazarus Group employs social engineering to plan phishing attacks, posing as leaders of a target business to try to trick staff into clicking on harmful attachments or links. The statement reads: “This cyber attack group sends phishing emails to employees impersonating executives of the target company through social networking sites with false accounts, pretending to conduct business transactions. The cyber-attack group [then] uses the malware as a foothold to gain access to the victim’s network.”
Further, in the advisory statement, FSA and NPA urged targeted organizations to retain their “private keys in an offline environment” and to “not open email attachments or hyperlinks carelessly.” Acknowledging that the common mode of attack for the Lazarus Group was phishing, the police also warned people and companies to “not obtain files from sources other than those whose authenticity can be verified.”
This comes amid recent reports that phishing, in which targeted emails are sent to victims to entice them into revealing personal information, is a dominant attack method. Recent reports also alleged that Lazarus has been targeting tech job seekers with spear-phishing attacks using LinkedIn.
The NPA further suggested that digital asset holders “install security software,” strengthen identity authentication mechanisms by “implementing multi-factor authentication,” and also refrain from using the same password for multiple devices or services.
According to Katsuyuki Okamoto, from security firm Trend Micro, “Lazarus initially targeted banks in various countries, but recently it has been aiming at crypto assets that are managed more loosely.”
Lazarus Group was responsible for draining over $600 million in crypto from the Ronin Bridge, which is used by the NFT game Axie Infinity. As per Chainalysis data, North Korean hackers stole $840 million in the first five months of 2022, which is over $200 million more than they’d plundered in 2020 and 2021 combined.