DeBridge Finance, a cross-chain interoperability and liquidity protocol, found itself in the crosshairs of the infamous North Korean Lazarus Group. The Lazarus hackers are behind the attempted cyberattack on DeBridge Finance, says co-founder Alex Smirnov.
Reportedly, the attack came via a spoofed email that contained a PDF file named “New Salary Adjustments” and appeared to come from Smirnov. While most of the DeBridge Finance team was alert enough to identify the email as suspicious, one member downloaded and opened the file.
This action triggered an attack on the firm’s internal systems, which led to a series of investigations to understand how the attack vector works and what its consequences are.
A quick analysis showed that the received code collects a large amount of information about the PC and exports it to the attacker’s command center. According to the analysis, the exported data could include the username, OS info, CPU info, network adapters, and running processes.
Smirnov warned his team and followers to stay on the lookout for similar attacks. He also advised never opening email attachments without verifying the sender’s full email address.
The Lazarus Group has been behind several high-profile and costly crypto cyberattacks. According to researchers at Elliptic Connect, the Lazarus hacker group was responsible for the theft of $100 million in crypto assets.
The increasingly frequent and intense attacks from the Lazarus Group have affected many firms, institutions, and reputable entities. Recently, the US DoJ froze $500k along with crypto extorted by North Korean hackers. The frozen funds include ransoms paid by health care providers in Kansas and Colorado.