Cryptocurrency exchange BitMEX has exposed critical vulnerabilities in the operations of the Lazarus Group, the North Korean state-backed cybercrime organization behind major crypto breaches at Bybit, Stake, and Phemex.
In a recent blog post, BitMEX revealed that its security team has regularly detected and mitigated attempted attacks on the exchange. Many of these attempts reportedly involved methods and infrastructure associated with the Lazarus Group.
BitMEX noted that these large-scale operations often begin with relatively basic tactics, typically involving phishing attempts to infiltrate the target’s systems.
Phishing is a type of cybercrime where attackers attempt to deceive individuals into revealing sensitive information, such as passwords or financial details, by impersonating legitimate organizations through fraudulent emails or websites.
The crypto exchange pointed to the Bybit breach as a case study, explaining how the Lazarus Group initially gained access by deceiving a Safe Wallet employee into executing malicious code. After securing this entry point, a seemingly more advanced faction within the group took control, carrying out further exploitation. They accessed Safe’s AWS account and altered the wallet’s front-end source code, ultimately leading to the theft from the cold wallets.
“Throughout the last few years, it appears that the group has divided into multiple subgroups that are not necessarily of the same technical sophistication,” BitMEX wrote. “This can be observed through the many documented examples of bad practices coming from these ‘frontline’ groups that execute social engineering attacks when compared to the more sophisticated post-exploitation techniques applied in some of these known hacks,” the exchange added.
Furthermore, BitMEX revealed that one of its employees was recently approached via LinkedIn with a proposal for a potential “NFT Marketplace” Web3 project collaboration. The approach bore striking similarities to tactics frequently used in industry-related cyberattacks, prompting the employee to suspect it was an attempt to deceive them into executing malicious code on their device.
Another key finding highlighted both the Lazarus Group’s tracking techniques and notable operational security weaknesses, including the exposure of Chinese IP addresses despite the group’s North Korean affiliation, offering valuable insight into its internal operations.
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.