Japan’s national police accuses the North Korean hacking group, Lazarus, of being the organization behind several years of crypto-related cyber attacks.
In the public advisory statement sent out on October 14, Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) sent a warning to the country’s crypto-asset businesses. They urged them to stay vigilant of “phishing” attacks by the hacking group aimed at stealing crypto assets.
The statement warns that the hacking group uses social engineering to orchestrate phishing attacks.
Japanese police warned that the cyber attack group sends phishing emails to employees of a crypto firm, pretending to be an executive of the company.
These emails pretending to conduct business transactions contain malware and target it through social networking sites with false accounts. The cyber-attack group then uses the malware as a foothold to gain access to the victim’s network to steal crypto assets.
As per the statement, phishing has been a common mode of attack used by North Korean hackers. The NPA and FSA have urged targeted companies to keep their “private keys in an offline environment” and to “not open email attachments or hyperlinks carelessly.”
The statement also added that individuals and businesses should not download files from unknown sources. They should only download from sources whose authenticity can be verified, especially for applications related to cryptographic assets.
The NPA also suggested that digital asset holders “install security software” and strengthen identity authentication mechanisms by “implementing multi-factor authentication.” They also suggested account holders to not use the same password for multiple devices or services.
The NPA confirmed that several of these attacks have been successfully carried out against Japanese-based digital asset firms. However, they haven’t disclosed any specific details.
The Lazarus group have been accused of being the hackers behind the $650 million Ronin Bridge exploit in March, and were identified as suspects in the $100 million attack from layer-1 blockchain Harmony.
