In February, North Korean hackers made headlines with what is now considered the largest single hack in crypto history.
The Lazarus Group stole at least $1.4 billion from Bybit and later routed those funds through crypto mixers.
“Someone pulled off the biggest hack in [crypto] history, and we had a front-row seat,” Samczsun, research partner at Paradigm, recalled in a blog post.
The researcher said they witnessed the theft and worked with Bybit in real time to confirm the unauthorized access.
Samczsun worked with SEAL 911, an emergency response unit affiliated with the Security Alliance, a non-profit organization that focuses on securing decentralized systems.
But these attacks are not just about the Lazarus Group. North Korea’s cyber offensive is larger than previously thought.
There is a misconception about how to “classify and name” the group’s activities.
Although the term “Lazarus Group” is “popularly acceptable”, discussing how the DPRK (Democratic People’s Republic of Korea) manages its cyber operations requires more rigor, Samczsun argued.
Lazarus Group has become the media’s preferred term for describing DPRK cyber activity. Cybersecurity researchers “created more precise names” to indicate which groups are responsible for specific activities, they added.
A hacking bureau
The DPRK’s hacking ecosystem operates under the Reconnaissance General Bureau (RGB), which houses several distinct groups: AppleJeus, APT38, Dangerous Password and TraderTraitor.
These groups operate with their own targeting methods and technical capabilities.
TraderTraitor, identified as the most advanced DPRK actor focused on the crypto industry, targets exchanges with large reserves and has used advanced techniques, successfully compromising Axie Infinity through fake job offers and manipulating WazirX.
AppleJeus specializes in complex supply-chain attacks, including the 2023 3CX hack that may have affected 12 million users.
Meanwhile, Dangerous Password carries out lower-level social engineering via phishing emails and malicious messages on platforms such as Telegram.
Another subgroup, APT38, split off from Lazarus in 2016 and focused on financial crime. It initially targeted traditional banks before turning its attention to crypto platforms.
In 2018, OFAC first named “North Korean IT workers”, whom researchers in 2023 identified as “Contagious Interview” and “Wagemole”, operating through schemes in which the threat actors pose as recruiters or try to get hired by target companies.
There is still hope
Although the DPRK has demonstrated its ability to use zero-day attacks, there have been “no recorded or known incidents” of them being deployed directly against the crypto industry, Samczsun said.
The researcher urged crypto companies to implement fundamental security practices, such as least-privilege access, two-factor authentication and device separation. If preventive measures fail, reaching out to security groups such as SEAL 911 and the FBI’s DPRK unit would also be useful.
“DVK hackers pose an ever-growing threat to our industry, and we can’t beat an enemy we don’t know or understand,” wrote Samczsun.
Published by Sebastian Sinclair