North Korea's Lazarus behind crypto hacks in Japan: police

By: Micheal Wilson

October 17, 2022 6:23 AM

The Japanese government claims that the Lazarus Group has been concentrating its attacks on cryptocurrency funds because of the "more loosely managed" nature of these assets.


National police in Japan have identified Lazarus, a hacking group based in North Korea, as the culprit behind a string of crypto-related cyber attacks spanning multiple years.


Japanese authorities issued a public advisory statement on October 14 warning crypto-asset businesses to be on the lookout for "phishing" attacks from a hacking group intent on stealing cryptocurrency.


According to local news outlets, this is the fifth time in history that the government has issued a warning in the form of a public attribution.


According to the statement, the hacking group conducts phishing attacks by impersonating high-ranking officials at their targets' companies in an effort to trick their employees into opening infected attachments or clicking on suspicious links.


"Using fake profiles on social networking sites, this cyber attack group sends phishing emails to employees pretending to be executives at the target company. Malware is used by the cyber-attack group as a gateway into the victim's network."


The NPA and FSA issued a statement warning businesses that North Korean hackers frequently use phishing as an attack method, and recommending that they "keep private keys in an offline environment" and "not open email attachments or hyperlinks carelessly."


Users and organizations are urged to "not download files from sources other than those whose authenticity can be verified, especially for applications related to cryptographic assets," according to the statement.


Holders of digital assets were also urged by the NPA to "install security software," strengthen identity authentication mechanisms by "implementing multi-factor authentication," and avoid reusing passwords across devices and services.


The NPA has confirmed that a number of these attacks have been carried out against Japanese digital asset firms, though it has not revealed any additional information.


There are allegations that North Korea's Reconnaissance General Bureau, which operates as an overseas intelligence service on behalf of the government, has ties to Lazarus Group.


"Lazarus initially targeted banks in various countries, but recently it has been aiming at crypto assets that are managed more loosely," Katsuyuki Okamoto of global IT firm Trend Micro told The Yomiuri Shimbun.


Lazarus was named as a suspect in the $100 million attack on the layer-1 blockchain Harmony and is suspected of being behind the $650 million Ronin Bridge exploit in March.