"deBridge Finance Crypto Platform Targeted by Lazarus Hackers"
Hackers linked to the North Korean Lazarus group attempted to steal cryptocurrency from deBridge Finance, a cross-chain protocol that allows for the decentralized transfer of assets between blockchains. Using a phishing email, the threat actor tricked company employees into launching malware that collected various information from Windows systems and enabled the delivery of additional malicious code for subsequent stages of the attack. The hackers sent an email purportedly from deBridge Finance co-founder Alex Smirnov, appearing to share new information about salary changes. The email was sent to a large number of employees and included an HTML file named 'New Salary Adjustments,' which was disguised as a PDF file, as well as a Windows shortcut file (.LNK) that posed as a plain text file containing a password. Clicking the fake PDF took the target to a cloud storage location claiming to provide a password-protected archive with the PDF, which prompted the target to launch the fake text file to obtain the password. The attack could be connected to the North Korean hackers in the Lazarus group because its filenames and infrastructure overlap with those used in a previous attack attributed to the threat actor. In July, security researchers from PwC UK and Malwarebytes reported another campaign from the Lazarus hacker group, also known as CryptoCore and CryptoMimic, that used the same or similar filenames. North Korea's Lazarus group has been targeting companies that rely on blockchain technology and decentralized concepts in their operations. The threat actor uses social engineering techniques to gain access to the victim's computer and then attempts to steal cryptocurrency funds and assets. The theft of $620 million in Ethereum from Axie Infinity's Ronin network bridge is one of the largest cryptocurrency heists attributed to this group. This article continues to discuss the targeting of the deBridge Finance platform by the Lazarus group.
Bleeping Computer reports "deBridge Finance Crypto Platform Targeted by Lazarus Hackers"