North Korean Hackers Behind Attempted DeBridge Finance Attack: Co-Founder – Decrypt

Editor's note: The headline and copy of this story have been updated to clarify that the attack wasn't successful.
Alex Smirnov, co-founder and project lead at deBridge Finance, took to Twitter on Friday to report that his company was the target of an attempted cyberattack by the infamous North Korean Lazarus Group.
DeBridge provides a cross-chain interoperability and liquidity protocol for transferring data and assets between blockchains.
The attack came via a spoofed email received by several deBridge team members that contained a PDF file named "New Salary Adjustments," which appeared to come from Smirnov.
1/ @deBridgeFinance has been the subject of an attempted cyberattack, apparently by the Lazarus group.
PSA for all teams in Web3, this campaign is likely widespread. pic.twitter.com/P5bxY46O6m
— deAlex (@AlexSmirnov__) August 5, 2022

Email spoofing is a form of attack where a malicious email is manipulated to seem as if it originated from a trusted source, in this case, from the firm’s co-founder.
"We have strict internal security policies and continuously work on improving them as well as educating the team about possible attack vectors," Smirnov wrote.
Even so, Smirnov explained, one employee downloaded and opened the file, which prompted an investigation of its origin, how the hackers intended for the attack to work, and any potential consequences.
"We made sure that the downloaded file made no impact on our colleague's machine, and then warned the Web3 community so that everyone can be informed and prepared for similar situations," Smirnov told Decrypt.
He compared what deBridge saw with another Twitter post by another user that showed similar characteristics and pointed to the North Korean hacker group.
"Fast analysis showed that received code collects A LOT of information about the PC and exports it to [the attacker's command center]: username, OS info, CPU info, network adapters, and running processes," Smirnov said.
15/ According to the Twitter thread https://t.co/5YThfumjZD files with the same names (but different hashes) were noticed and attributed to Lazarus Group (North-Korean hackers).
— deAlex (@AlexSmirnov__) August 5, 2022

Smirnov warned his followers to never open email attachments without verifying the sender's full email address and to have an internal protocol for how their team shares attachments.
18/ TL;DR: Never open email attachments without verifying the sender’s full email address, and have an internal protocol for how your team shares attachments!
Please stay SAFU and share this thread to let everyone know about potential attacks 🔐 🤝
— deAlex (@AlexSmirnov__) August 5, 2022
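
As an added illustration (not from Smirnov's thread or deBridge's tooling), here is one way a mail filter could automate the "verify the sender's full email address" check. The domain, staff name, and both messages are constructed placeholders.

```python
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example.com"      # assumption: the team's real mail domain
STAFF_NAMES = {"alex example"}  # assumption: display names of real colleagues

def check_sender(msg):
    """Return the reasons a message's sender should not be taken at face value."""
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if "@" not in addr:
        findings.append("From header has no parseable address")
    elif display.strip().lower() in STAFF_NAMES and domain != ORG_DOMAIN:
        findings.append(f"colleague's display name, but address is at {domain}")
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append("Reply-To domain differs from From domain")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in auth:
            findings.append(f"{mech} did not pass")
    # An attachment is only noteworthy when the sender already looks wrong.
    if findings and any(part.get_filename() for part in msg.walk()):
        findings.append("carries an attachment")
    return findings

def sample(from_header, auth_results, filename):
    """Build a constructed test message (not a real captured email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_header, "team@example.com", "Constructed sample"
    m["Authentication-Results"] = auth_results
    m.set_content("See attached.")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename=filename)
    return m

SPOOFED = sample("Alex Example <alex@mail-example.test>",
                 "mx.example.com; spf=fail; dkim=none; dmarc=fail",
                 "New Salary Adjustments.pdf")
LEGIT = sample("Alex Example <alex@example.com>",
               "mx.example.com; spf=pass; dkim=pass; dmarc=pass", "notes.pdf")

if __name__ == "__main__":
    for label, m in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_sender(m))
```

The display name alone matches in both messages; only the full address and the receiving server's authentication verdicts tell them apart.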

The Lazarus Group has allegedly been behind several high-profile crypto hacks, including the $622 million Axie Infinity Ronin Ethereum sidechain hack in March and the Harmony Horizon Bridge hack in June.
"These types of attacks are fairly common," notes David Schwed, chief operating officer of blockchain security firm Halborn. "They rely on the inquisitive nature of people by naming the files something that would pique their interest, such as salary information.
"We are seeing more and more of these types of attacks specifically targeting blockchain companies given the heightened stakes due to the immutability of blockchain transactions," Schwed added.
