Blockchain security firm SlowMist's 6 December update highlights a concerning trend: the Lazarus Group, backed by North Korea, is intensifying its phishing operations within the cryptocurrency community. This shift primarily targets users on Telegram, employing sophisticated tactics to lure unsuspecting victims.
The hackers are now impersonating notable venture capital figures associated with Archax, HashKey, and Gumi Cryptos. They engage in persistent communication, gradually building trust with crypto teams. Once trust is established, victims are coaxed into running malicious scripts disguised as investment opportunities or meetings, leading to phishing attacks.
Alexandre Masmejean, CEO of Showtime, corroborated these warnings, recounting how FBI agents alerted him to Asian cybercriminals masquerading as the Head of HashKey Singapore Group, attempting to install malware on his device. SlowMist's insights pinpoint the utilisation of Calendly's feature, embedding deceptive links within event pages, a tactic enabling seamless phishing attempts.
Image Source: Slow Mist’s Medium
SlowMist uncovered the use of a specific IP address, 104.168.137.21, associated with domains impersonating diverse projects. The deceptive integration of these links heightens the challenge in detecting potential threats. Vigilance and proactive measures are strongly advised to mitigate risks associated with this malicious IP.
Domains found associated with IP address –104.168.137.21. (Image Source: Slow Mist’s Medium)
The Lazarus Group, reportedly sponsored by North Korea, has a notorious history. They've syphoned approximately $3 billion from the cryptocurrency industry in recent years, allegedly funding the country's weapons program. Notable breaches linked to this group, such as the Ronin bridge exploit, resulted in theft exceeding $600 million.
Chainalysis estimates over $3 billion has been stolen by North Korean hackers within the past five years. South Korean intelligence further supports this, reporting a staggering $1.2 billion theft in BTC and ETH by North Korea in 2022 alone. These incidents underscore the significant threat posed by the Lazarus Group's cyber operations within the crypto sphere.
The escalating sophistication of Lazarus Group's tactics demands increased vigilance within the cryptocurrency community. Implementing stringent security measures and ongoing monitoring are crucial to safeguard against these evolving threats. While the involvement of North Korea-backed hackers continues to be a concern, proactive measures and awareness remain essential shields against potential attacks.
This series of articles will provide an in-depth analysis of the Telegram Bot track and is divided into two articles. The first article is a summary of the track overview, and the second article is a summary of the targets.
JinseFinanceAccording to multiple reports from Korea, Hana Bank is starting to explore blockchain-based deposit tokens for...
LedgerinsightsDelio is suspending withdrawals on its platform following its exposure to Haru Invest, which previously halted its services.
cryptopotato
BeincryptoSky Mavis co-founder and growth lead Jeffrey Zirlin says Axie Infinity wants to double down in South Korea, which they see as one of the most important gaming markets in the world.
CointelegraphThe policy also covers secondary NFT trading as the firm notes that “accounts that provide services or content related to the secondary transaction of digital collections shall also be dealt with.”
CointelegraphSouth Korean authorities are reportedly looking at the Terra crash to check for signs of intentional price manipulation and other issues.
CointelegraphThe ruling party of South Korea is likely to host an urgent meeting on Tuesday with officials from the state's ...
BitcoinistThe two exchanges cited Korea's Act on the Reporting and Use of Specific Financial Transaction Information, a law that requires crypto exchanges to put in place KYC and AML systems.
CointelegraphThe "People Power Party" representative, a South Korean politician Yoon Chang-Hyeon called a parliamentary hearing on TerraUSD (UST) due to ...
Bitcoinist