North Korea's Lazarus Group Attacks Various Japanese Cryptocurrency Exchange Platforms
Japanese authorities have revealed that the notorious North Korea-backed Lazarus Group has been attacking cryptocurrency exchange platforms in the region.
Japan's National Police Agency disclosed last week that several cryptocurrency exchange (CEX) platforms in the country suffered from multiple cyber attacks launched by the Lazarus Group. Employees received phishing emails that infect computers with malware that would eventually allow malicious actors to hack the system and steal crypto assets.
Aside from that, the hackers reportedly attempted to reach out to CEX employees via social networking sites to get them to download the malware. The Japanese authorities, including the country's Financial Service Agency, warned local cryptocurrency businesses to stay vigilant for these kinds of attempts and to safeguard their private keys offline.
"This cyber attack group [is] sending employees phishing emails pretending to be executives of the target company using fake accounts on social networking services to approach employees of the target company under the guise of transactions to get them to download malware, and use that malware as a foothold to gain access to the victim's network, using so-called social engineering as a method," the Japanese authorities said in a statement roughly translated by Google.
"It is said that it has used various other means to compromise computer networks related to the target and has been involved in the unauthorized theft of cryptographic assets is considered to continue," the authorities divulged in the statement. "Individuals and business operators involved in crypto-asset transactions should be highly aware of the fact that organized cyber-attacks targeting crypto-assets are being carried out, and take the following measures to reduce risks," the statement said.
"Please refer to the examples and take appropriate security measures. In addition, if any suspicious movement is detected, please promptly provide information to the relevant ministries and agencies, the police, security-related agencies, etc," the Japanese authorities warned crypto businesses.
Unfortunately, the authorities did not share details of the companies that were targeted or attacked by Lazarus Group, or if the alleged phishing attacks led to the hack of the businesses' systems. It is also worth noting that in the official joint statement, authorities named the group even before the actual arrest had not yet taken place.
© Copyright IBTimes 2024. All rights reserved.