- According to Kaspersky, North Korea’s notorious Lazarus group is mimicking venture capital firms and banks to steal cryptocurrencies.
- The state-sponsored cybercriminal group is creating domains posing as well-known Japanese, US and Vietnamese companies.
- Lazarus was behind the $625 million Axie Infinity hack in April.
North Korea’s notorious Lazarus group is mimicking venture capital firms and banks to steal cryptocurrency, according to a report by cybersecurity firm Kaspersky.
The state-sponsored cybercrime group, which was behind the $625 million Axie Infinity hack in April, is creating domains posing as well-known Japanese, US and Vietnamese companies.
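The report's concrete, checkable claim is the registration of domains that pose as well-known companies. The following is an added example, not code from Kaspersky or the article: a small screen that scores newly observed domains against a protected-brand list, folding hyphens, digit-for-letter swaps and "rn"-for-"m" tricks before comparing. The brand names, the substitution table and the sample domains are all constructed for illustration; a real deployment would feed it from certificate-transparency or passive-DNS streams and use a proper public-suffix list instead of the simplified suffix rule here.

```python
"""Screen newly seen domains for lookalikes of protected brands.

Added example; brand list, substitution table and inputs are constructed.
"""
import unicodedata
from difflib import SequenceMatcher

# Constructed brand list for the example; the report names no specific targets.
PROTECTED_BRANDS = {"examplebank", "examplecapital", "samplevc"}

# Substitutions commonly used to build lookalike labels (constructed subset).
SUBSTITUTIONS = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
    "rn": "m", "vv": "w",
}

# Simplified stand-in for a public-suffix list (assumption for the example).
SECOND_LEVEL_SUFFIXES = {"co", "com", "org", "net", "ac", "gov"}


def normalize(label: str) -> str:
    """Fold lookalike tricks so 'Examp1e-Bank' compares like 'examplebank'.

    Non-ASCII characters (e.g. Cyrillic homoglyphs) are dropped rather than
    mapped, so such domains still score high on edit-distance similarity.
    """
    label = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    label = label.lower().replace("-", "").replace("_", "")
    for src, dst in SUBSTITUTIONS.items():
        label = label.replace(src, dst)
    return label


def registrable_label(domain: str) -> str:
    """Return the label left of the (simplified) public suffix."""
    parts = domain.strip().lower().rstrip(".").split(".")
    if len(parts) >= 3 and parts[-2] in SECOND_LEVEL_SUFFIXES:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def score_lookalike(domain: str, brands=PROTECTED_BRANDS):
    """Return (closest_brand, similarity, reason) for a domain.

    similarity is 1.0 for an exact match after normalization, 0.95 when a
    brand is embedded in a longer label, else a SequenceMatcher ratio.
    """
    label = registrable_label(domain)
    norm = normalize(label)
    best = ("", 0.0, "")
    for brand in sorted(brands):
        b = normalize(brand)
        if norm == b and label != brand:
            return (brand, 1.0, "homoglyph/hyphen variant of brand")
        if b in norm and norm != b:
            cand = (brand, 0.95, "brand embedded with extra tokens")
        else:
            cand = (brand, SequenceMatcher(None, norm, b).ratio(),
                    "edit-distance similarity")
        if cand[1] > best[1]:
            best = cand
    return best


def flag_domains(domains, threshold=0.85):
    """Return [(domain, brand, similarity, reason)] for suspicious domains.

    Exact brand domains are never flagged; everything else at or above the
    threshold is. Order of the input list is preserved.
    """
    flagged = []
    for d in domains:
        if registrable_label(d) in PROTECTED_BRANDS:
            continue
        brand, sim, reason = score_lookalike(d)
        if sim >= threshold:
            flagged.append((d, brand, round(sim, 3), reason))
    return flagged


if __name__ == "__main__":
    # Constructed sample feed: one legitimate domain, one unrelated, three lookalikes.
    sample = ["examplebank.com", "examp1ebank.com", "examplebank-login.com",
              "exarnplebank.co.jp", "weather.org"]
    for row in flag_domains(sample):
        print(row)
```

Tune the threshold against your own false-positive tolerance; short brand names need a higher bar than long ones because a single substitution moves the ratio more.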
Kaspersky said that Lazarus’ BlueNoroff subgroup uses new malware delivery methods that bypass the security warnings normally shown for downloaded content. Once the malware is in place, the attackers can “intercept large cryptocurrency transfers, change the recipient’s address, and push the transfer amount to its limit, essentially draining the account in a single transaction.”
While BlueNoroff has been quiet for most of the year, Kaspersky researchers said there has been a recent increase in activity. The FBI flagged the North Korean group in an alert in April.
Kaspersky’s chief security researcher said in a statement that 2023 will be marked by cyberattacks of unprecedented strength and that companies must work diligently to strengthen security measures.
Hackers will get more and more sophisticated
Ari Redbord, head of legal and government affairs at blockchain analytics firm TRM Labs, estimated that North Korea is responsible for more than $1 billion of the $3.7 billion that crypto hackers around the world have stolen in the last year.
“When you talk about billions of dollars and North Korea, you’re talking about a country with essentially no GDP, so they’ve essentially created an economy that launders cryptocurrency, and we know those funds aren’t going to finance a way of life,” Redbord told Insider. “They will be used for nuclear proliferation or ballistic missile systems. In 2022, these hacks have gone from being a law enforcement problem to a national security problem.”
In his view, 2022 was the year of the hack. While the FTX crash and so-called cryptocurrency winter dominated the headlines, more pressing were the crypto firms that were attacked at “alarming speed and scale.”
In recent months, hackers have impersonated job recruiters and targeted specific individuals who had access to private keys. They have also used initial token offerings and social media to launch attacks, Redbord added.
He said North Korean crypto hackers look for two key characteristics in targets: a high volume of liquidity and vulnerable cyber defenses. Due to the nascent nature of the space, crypto companies exemplify both.
“The tactics that North Korea is engaging in are becoming more sophisticated,” Redbord said. “There’s a sense out there that ‘phishing’ is casting a large net, but the reality is that it’s extremely targeted and highly sophisticated.”