The infamous Lazarus Group, which operates from North Korea, has struck again, and this time the target is DeBridge Finance, a cross-chain interoperability and liquidity protocol.
Alex Smirnov, the co-founder and project lead at DeBridge Finance, revealed in a tweet that the platform had been subjected to an attempted cyberattack, apparently by the Lazarus Group. The attack is believed to have come through a spoofed email. It contained a PDF file named “New Salary Adjustments” and appeared to have come from Smirnov. Experts describe email spoofing as a form of attack in which a malicious email is manipulated to look as if it comes from a legitimate source. Smirnov said DeBridge Finance has strict internal security policies. It works on improving these policies and on educating the team about possible attack vectors.
The executive said that a person had downloaded and opened the file, and that this triggered an attack on the firm’s internal systems. A probe was launched to determine how the hackers intended the exploit to work and what the potential consequences were. Smirnov says DeBridge Finance’s analysis showed that the received code collects a lot of information about the PC and exports it to the attacker’s command center: username, OS info, CPU info, network adapters, and running processes. Smirnov said the attempted hack on DeBridge Finance shared characteristics with attacks by the North Korean hacker group. The Lazarus Group is notorious for high-profile crypto hacks, including the $622 million Axie Infinity hack and the Harmony Horizon Bridge hack.
Smirnov warned followers never to open email attachments without verifying the sender’s full email address. He advised them to have an internal protocol for how their team shares attachments. David Schwed, chief operating officer of Halborn, says these types of attacks are common. They rely on the inquisitive nature of people by giving files names that would pique their interest. Schwed said there are more and more of these types of attacks targeting blockchain companies due to the immutability of blockchain transactions.