North Korean Lazarus Group is targeting crypto companies with APT attacks
SlowMist reveals a sophisticated APT attack by North Korea’s Lazarus Group targeting the cryptocurrency industry.
Blockchain security firm SlowMist has recently revealed an alarming revelation: The infamous North Korean Lazarus Group is actively targeting the cryptocurrency industry through an advanced persistent threat (APT) attack.
🚨SlowMist Security Alert🚨
Recently, we and our partners discovered a large-scale APT attack directed by the North Korean #LazarusGroup against the cryptocurrency industry.
The attack method is as follows:👇
The attacker first disguises his identity, deceives the auditor… pic.twitter.com/XsM7F0bPcV
— SlowMist (@SlowMist_Team) September 12, 2023
What are APT Attacks?
An advanced persistent threat (APT) is a prolonged, targeted cyberattack where an intruder gains access to a network and remains undetected for an extended period. This kind of attack is generally state-sponsored or carried out by well-funded criminal organizations. What distinguishes APTs from other cyberattacks is the level of sophistication and the attacker’s intent to maintain persistent, unauthorized access to a network. The objective is usually espionage, data theft, or financial gain.
Inside the Lazarus APT operation against crypto companies
Initially, they impersonate legitimate customers, fooling auditors through real-person authentication to create a customer profile. Then, with that trusted identity, they make genuine deposits to further solidify their façade.
You might also like: Tornado Cash creators deny laundering $1b for North Korea hackers
Their sophisticated attack doesn’t stop there. Armed with customer status, they engage with company personnel through Mac or Windows Trojans, which are strategically aimed at employees. Once a Trojan infiltrates the system, the attackers secure permissions that allow them to move laterally within the network. From there, they lie in wait—sometimes for a considerable period—before seizing funds.
The Lazarus group is becoming increasingly threatening to the wider crypto industry. Just last week, the group stole $41 million worth of digital assets from leading crypto casino Stake.
Wallet Addresses of the https://t.co/Ysm8KOCBL1 Hacker are live on the Arkham Platform.
The Stake Hacker removed ~$41M from Stake Hot Wallets in a series of “unauthorized transactions” on Monday.
Since then the hacker has begun moving the funds cross-chain. https://t.co/mCSIWNEX3K pic.twitter.com/XNGKQy5Z0k
— Arkham (@ArkhamIntel) September 7, 2023
Lazarus is one of the most infamous North Korean state-backed ransomware groups. North Korea has been actively using stolen crypto assets to fund its illicit weapons program. Recently, South Korea has developed a new cyber bill to stop North Korea’s crypto heists.