Lazarus Group Hacks for Crypto via LinkedIn Blockchain Job Posting

A hacking operation that is allegedly backed by North Korea has been reported to be targeting blockchain and cryptocurrency employees through LinkedIn.  

Malware Infiltrates LinkedIn

The Lazarus hacking group has built a large online footprint through its extensive cyber-attack operations. Since 2017, Lazarus has accumulated over $571 million in stolen cryptocurrencies.

According to a report by Finnish cybersecurity firm F-Secure, the latest Lazarus attack was conducted through the professional networking platform LinkedIn. Lazarus hackers targeted a blockchain and crypto industry employee with a phishing message. The message was presented as a legitimate blockchain job offer, with an MS Word document titled “BlockVerify Group Job Description” attached. Embedded in the Word document was malicious macro code that launched automatically when the file was opened.

Hacking for Crypto

After further investigation, F-Secure’s threat intelligence team revealed that the author names and other document metadata of the “BlockVerify Group Job Description” file posted on LinkedIn matched a sample publicly available on VirusTotal, a large malware and URL scanning service. Data from VirusTotal confirmed F-Secure’s suspicions of foul play: the malicious macro code had originally been created in 2019, and 37 antivirus engines had flagged it since then.

The malware’s goal was to harvest login credentials that would give entry into the victim’s network. From that foothold, Lazarus could move through the network and steal cryptocurrency funds.

Furthermore, F-Secure disclosed that the Lazarus Group’s interests align with those of the North Korean government. According to F-Secure’s experts, cyber operations run by the Democratic People’s Republic of Korea will very likely also target organizations that are not working within the crypto industry.

North Korea Has an Army of Hackers 

A tactical report recently released by the US Army revealed that the North Korean government had more than 6,000 hackers dispersed throughout the world working for it. Countries hosting North Korea-based hackers include Belarus, China, India, Malaysia, and Russia, to name a few.

The US has long been active in trying to put an end to North Korea’s widespread cryptocurrency-driven cybercrime campaigns and is still actively working on strategically obliterating the illicit online activities. 

US Files Lawsuit to Recover Cryptocurrency Accounts Linked to North Korean Hacking Operation

The US Department of Justice has filed a suit against North Korean state-sponsored cyber hackers for allegedly perpetrating two major cryptocurrency heists.

Crypto exchanges suffer North Korean cyber attack

The complaint, filed on Thursday, outlined two hacks allegedly carried out by state-sponsored North Korean cybercriminals against two cryptocurrency exchanges last year. Proton Tokens (PTT), PlayGame tokens (PXG), and IHT Real Estate Protocol tokens were stolen from the first exchange. To launder the digital assets, the hackers moved the tokens through Chinese over-the-counter brokers.

The altcoin assets were converted into Bitcoin (BTC), Tether (USDT), and other cryptocurrencies to cover the North Korean cybercriminals’ tracks. The total amount of altcoins and tokens stolen was reported to be equivalent to $272,000.

A similar case was reported by US investigators a few months after the occurrence of the first crypto heist. This time, a US crypto exchange was hacked and $2.5 million in cryptocurrencies were stolen. Once again, US law enforcement said that North Korean operators laundered the virtual funds through Chinese traders that they had coordinated with for previous heists.  

Despite the laundering techniques employed by the North Korean hackers, law enforcement and cybersecurity investigators were able to trace the funds thanks to blockchain analysis. The stolen cryptocurrency assets were allegedly funneled into 280 cryptocurrency accounts.

In relation to the civil forfeiture complaint filed by the US Justice Department, FBI Special Agent Emmerson Buie Jr. spoke about cybersecurity and North Korea’s alleged involvement in cyberattacks. He said:

“Today’s complaint demonstrates that North Korean actors cannot hide their crimes within the anonymity of the internet.  International cryptocurrency laundering schemes undermine the integrity of our financial systems at a global level, and we will use every tool in our arsenal to investigate and disrupt these crimes.” 

US investigates North Korean cyber operations

In order to tighten cybersecurity and counter any national security threat, the US has been actively monitoring North Korean tactics. In a tactical report released in July, the US Army revealed that North Korea currently had more than 6,000 hackers operating under its umbrella. These government-sponsored hackers were dispersed throughout the world and were rumored to be behind illicit hacks.

There is substantial evidence that indicates that the Democratic People’s Republic of Korea (DPRK) may be heavily involved in cybercriminal operations, and US officials have clearly expressed their desire to safeguard national security by tightening cybersecurity ropes.  

In the past, two Chinese nationals, Tian YinYin and Li Jiadong, had been sanctioned by the US government for their involvement in laundering over $100 million worth of Bitcoin cryptocurrency funds from a 2018 cyberattack perpetrated by North Korean hackers against a crypto exchange. The two men were identified for their connection to the notorious North Korean state-sponsored cybercriminal ring, Lazarus Group. 

Lazarus-Linked Blender.io Added to US Treasury's Sanction List

Bitcoin and cryptocurrency mixing service, Blender.io has been added to the sanctions list by the United States Treasury Department. 

The startup, which facilitates private cryptocurrency transactions, was added to the list after investigations showed that it was used by the North Korea-based hacking group Lazarus, which stole $620 million from the Ronin Network.

As detailed by the US Treasury Department, the hackers used Blender.io to conceal and launder as much as $20.5 million of the illicit proceeds. The Treasury Department believes that pressure from the United Nations and the United States has pushed North Korea to explore other avenues to fund its nuclear program, and the activities of the Lazarus Group are one manifestation.

“Today, for the first time ever, Treasury is sanctioning a virtual currency mixer,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests. We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”

The exploit of Axie Infinity’s Ronin Bridge was considered the biggest hack in the decentralized finance world to date and concerted efforts have been deployed by all relevant stakeholders to help the blockchain protocol recover the funds. While Binance recently helped in retrieving $5.8 million which was laundered through the platform, the activities of services like Blender.io come off like a freedom pass for the cybercriminals.

Besides being the go-to platform for the Lazarus Group, the Treasury Department also believes Blender is a viable tool being adopted by other cybercrime rings including Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab, all connected to Russia.

With the sanctions in place, all of the platform’s properties must be reported to the Office of Foreign Assets Control (OFAC) and among many other restrictions, Americans are banned from doing business with the startup.

Chainalysis Partners with US Regulators to Recover $30m from Ronin Loot

Blockchain analytics and security service provider, Chainalysis has helped in the recovery of $30 million in funds stolen from the Ronin Bridge by the elite North Korean hacking outfit Lazarus Group.

Chainalysis’s update is yet another attempt to frustrate the laundering activities of the Lazarus Group following the $600 million drain of the Ronin Bridge back in March.

With diligence and advanced tracking tools, Chainalysis could monitor the flow of funds from the intermediate wallets into which the initial funds were siphoned. 

“With the help of law enforcement and leading organizations in the cryptocurrency industry, more than $30 million worth of cryptocurrency stolen by North Korean-linked hackers has been seized. This marks the first time ever that cryptocurrency stolen by a North Korean hacking group has been seized, and we’re confident it won’t be the last,” Chainalysis’s Erin Plante said in a blog post on Thursday.

The $30 million funds recovery was made despite the laundering complications associated with the Lazarus Group. The recovered cash is a testament to the openness of blockchain technology compared to traditional financial systems.

Power of Collaboration

Chainalysis said it enlisted help from a number of industry stakeholders and government agencies to track and recover the funds.

The sanctions placed by the United States Treasury Department’s Office of Foreign Assets Control (OFAC) on the two most prominent crypto mixing services, Blender.io and Tornado Cash, left the Lazarus hackers with limited options for laundering their proceeds.

Chainalysis described the recovery of the $30 million as the first of the many confiscations to come as it works to make the crypto ecosystem a safe place for all. 

While the Ronin Network has reopened its bridge following the hack, this cash recovery brings the total recovered funds to $35.8 million on behalf of Ronin Network. Binance exchange had earlier helped in the recovery of $5.8 million a few weeks after the hack event.

Breaking: CoinsPaid, AtomicWallet, and Alphapo Incidents All Connected to North Korea's Lazarus Group

MistTrack, a renowned crypto tracking and compliance platform, has unveiled potential connections between a series of incidents that have stirred the crypto community. These incidents involve CoinsPaid, AtomicWallet, and Alphapo, three major players in the crypto sphere.

On July 26, 2023, MistTrack hinted at the possibility of the notorious Lazarus Group being behind these incidents. The Lazarus Group, also known as Hidden Cobra, is a cybercrime group believed to be based in North Korea. Known for their cyber espionage and cyber warfare tactics, they have been implicated in a number of high-profile attacks, including the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist, and the 2017 WannaCry ransomware attack.

The first incident involves Alphapo, a prominent payment processor for various gambling services. On July 23, 2023, Alphapo reported that their hot wallets had been compromised, resulting in the loss of over $23 million in cryptocurrencies, including Ethereum (ETH), TRON (TRX), and Bitcoin (BTC). However, recent updates suggest that the total amount stolen is far greater than initially reported, amounting to $60 million.

The second incident involves Atomic Wallet, a noncustodial decentralized wallet, which reported losses of over $100 million due to a security breach. The losses from the Atomic Wallet heist have now skyrocketed to over $100 million, according to an analysis conducted by Elliptic. This alarming figure highlights the severity of the attack, which compromised an estimated 5,500 crypto wallets.

MistTrack’s investigation revealed that the address TNMW5iEH7CCudMTGFJA9Ch6KSf6J3hAJem received funds from TJXXmeUbie3JBfK7H3UQb43sWnbhhdTJQx, an address allegedly used by the Atomic Wallet hackers. This information was shared in response to a tweet by ZachXBT, who suggested that the Atomic Wallet hack might have been executed by the Lazarus Group. ZachXBT noted, “seeing lots of similarities in the laundering patterns to Ronin + Harmony.”

These findings were further corroborated by @onchainsnoop, who was acknowledged by MistTrack for meticulously unearthing the compelling correlation between these three major incidents. MistTrack extended an invitation to anyone with additional information to direct message or share their findings.

The platform acknowledged the improbability of a full recovery of the stolen funds but emphasized that every clue could help piece together the puzzle and potentially aid in reclaiming a portion of the stolen funds.

FBI Monitors North Korea's Lazarus Group in Major Cryptocurrency Heist

The Federal Bureau of Investigation (FBI) has recently alerted cryptocurrency firms about blockchain activities linked to the theft of a significant amount of cryptocurrency. Within the past day, the FBI has monitored cryptocurrency pilfered by actors affiliated with the Democratic People’s Republic of Korea (DPRK), commonly known as North Korea. These actors, known as the TraderTraitor group, are also recognized as the Lazarus Group and APT38. The agency suspects that North Korea might try to liquidate the bitcoin, which is valued at over $40 million.

Through its investigation, the FBI determined that the TraderTraitor-affiliated entities transferred around 1,580 bitcoin from multiple cryptocurrency thefts. They are presently holding these funds in specific bitcoin addresses, some of which include: 

– 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
– 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
– 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk

These DPRK TraderTraitor-affiliated actors have been implicated in several notable international cryptocurrency thefts. This includes the theft of $60 million in virtual currency from Alphapo on June 22, 2023, a $37 million heist from CoinsPaid on the same date, and a staggering $100 million theft from Atomic Wallet on June 2, 2023. The FBI had previously shared details about their attacks on Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge and had issued a Cybersecurity Advisory on TraderTraitor.

The FBI advises private sector companies to scrutinize the blockchain data related to these addresses. They should remain cautious about transactions directly associated with, or originating from, these addresses. The FBI remains committed to unveiling and countering the DPRK’s engagement in illicit activities, such as cybercrime and virtual currency theft, as means to generate revenue. For those with relevant information, the FBI encourages reaching out to their local FBI field office or visiting the FBI’s Internet Crime Complaint Center at “ic3.gov”.
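One way a compliance team could act on this advice, shown here as an added example (not the article’s or the FBI’s code): screen a ledger of transactions against the three listed addresses, flagging direct contact as well as one-hop exposure, the same “received funds from” relation MistTrack traced above. The watchlist entries are the addresses quoted in the alert; every txid, amount and counterparty address in the sample ledger is constructed.

```python
# Added example (not the article's or the FBI's code). The watchlist holds the
# three addresses quoted in the FBI alert; every txid, amount and counterparty
# address below is constructed for illustration.
from dataclasses import dataclass

# Addresses the FBI alert names as holding TraderTraitor-linked bitcoin.
FBI_WATCHLIST = frozenset({
    "3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG",
    "39idqitN9tYNmq3wYanwg3MitFB5TZCjWu",
    "3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk",
})

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # addresses whose coins are spent
    outputs: tuple   # (address, satoshis) pairs

@dataclass(frozen=True)
class Finding:
    txid: str
    address: str     # exposed address seen in this transaction
    direction: str   # "spends_from" (it is an input) or "pays_to" (an output)
    hops: int        # 0 = listed address itself, 1 = paid directly by one, ...
    root: str        # listed address the exposure traces back to

def build_exposure(ledger, watchlist, max_hops):
    """Map address -> (hops, root) for listed addresses and everything that
    received funds downstream of them within max_hops payment hops."""
    exposure = {addr: (0, addr) for addr in watchlist}
    for hop in range(max_hops):
        for tx in ledger:
            roots = [exposure[a][1] for a in tx.inputs
                     if a in exposure and exposure[a][0] == hop]
            if not roots:
                continue
            for addr, _sats in tx.outputs:
                # change back to an already-exposed address keeps its lower hop count
                exposure.setdefault(addr, (hop + 1, roots[0]))
    return exposure

def screen(ledger, watchlist=FBI_WATCHLIST, max_hops=1):
    """Return every appearance of an exposed address across the ledger."""
    exposure = build_exposure(ledger, watchlist, max_hops)
    findings = []
    for tx in ledger:
        sides = [(a, "spends_from") for a in tx.inputs]
        sides += [(a, "pays_to") for a, _sats in tx.outputs]
        for addr, direction in sides:
            if addr in exposure:
                hops, root = exposure[addr]
                findings.append(Finding(tx.txid, addr, direction, hops, root))
    return findings

def triage(ledger, findings):
    """Per-txid action: block on direct contact with a listed address,
    review on indirect exposure, clear otherwise."""
    actions = {tx.txid: "clear" for tx in ledger}
    for f in findings:
        if f.hops == 0:
            actions[f.txid] = "block"
        elif actions[f.txid] == "clear":
            actions[f.txid] = "review"
    return actions

# Constructed ledger: txids and the non-listed addresses are placeholders.
LISTED = "3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG"
SAMPLE_LEDGER = (
    # listed address pays an intermediary and takes change back to itself
    Tx("tx-c1", (LISTED,), (("intermediary_A", 50_000_000), (LISTED, 1_000_000))),
    # the intermediary deposits at an exchange: two hops from the listed address
    Tx("tx-c2", ("intermediary_A",), (("exchange_deposit_X", 49_990_000),)),
    # a customer sends directly to another listed address
    Tx("tx-c3", ("customer_B",), (("39idqitN9tYNmq3wYanwg3MitFB5TZCjWu", 200_000),)),
    # unrelated transfer
    Tx("tx-c4", ("customer_C",), (("customer_D", 10_000),)),
)

if __name__ == "__main__":
    found = screen(SAMPLE_LEDGER)
    for f in found:
        print(f"{f.txid}: {f.direction} {f.address} hops={f.hops} root={f.root}")
    print(triage(SAMPLE_LEDGER, found))
```

Raising `max_hops` widens the net to addresses further downstream; with the default of 1 the exchange deposit two hops away stays clear, with 2 it is flagged for review.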

Recent Hack events related to DPRK

North Korea’s Notorious Lazarus Group: The crypto community has been on high alert due to a series of incidents that have been linked to North Korea’s notorious Lazarus Group. MistTrack, a leading crypto tracking platform, unveiled potential connections between the incidents involving CoinsPaid, AtomicWallet, and Alphapo on July 26, 2023. The Lazarus Group, also known as Hidden Cobra, is a cybercrime group believed to be based in North Korea. They have been implicated in several high-profile attacks, including the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist, and the 2017 WannaCry ransomware attack.

JumpCloud’s System Breach: On July 20, 2023, JumpCloud, an American IT management company, confirmed a system breach by a North Korean government-backed hacking group. This marked a strategic shift in their operations, targeting companies that can provide access to multiple sources of digital currencies. The breach was attributed to “Labyrinth Chollima,” a notorious squad of North Korean hackers with a history of targeting cryptocurrency entities.

Atomic Wallet Heist: North Korean cybercriminals were suspected in a cryptocurrency heist involving Atomic Wallet, where a substantial $35 million was stolen. This incident saw victims appealing directly to the thieves on Twitter, hoping for some semblance of mercy. The US administration has been aware of the potential national security implications of these cybercrimes, with nearly half of North Korea’s missile program funding traced back to these activities.

Euler Finance DeFi Hack: The DeFi world witnessed a significant breach when Euler Finance became the victim of the biggest DeFi hack of 2023, with $197 million in funds stolen. Blockchain investigator Chainalysis identified that some of the stolen funds were transferred to an address linked to North Korea. This incident raised questions about the security of DeFi platforms, highlighting the need for stronger security measures.

Web3 Security Losses Skyrocket to $889.26M in Q3 2023, Says Beosin Report

Key Takeaways

Web3 security losses in Q3 2023 escalate to $889.26M.

North Korean APT group Lazarus emerges as a significant threat, responsible for over $208M in thefts.

Ethereum remains the most targeted blockchain, with losses totaling $227M.

Alarming Surge in Q3 2023 Losses

According to a recent report jointly released by Beosin and SUSS NiFT on September 27, 2023, the third quarter of this year has seen a disturbing rise in Web3 security incidents. Losses have skyrocketed to $889.26M, a figure that outstrips the combined losses of the first two quarters of the year, which were $330M and $333M respectively.

The Lazarus Group: A Formidable Adversary

The report highlights the North Korean APT group Lazarus as a major security threat in Q3 2023. The group has been implicated in thefts totaling over $208M across four significant attacks. Their tactics are complex, involving a range of methods from social engineering to brute force attacks, indicating a high level of sophistication.

Types of Attacks and Vulnerabilities

Private key compromises led the way in types of attacks, causing losses of $223M. Cloud database attacks, notably the Mixin Network incident, accounted for $200M. Contract vulnerabilities were also significant, leading to about $93.27M in losses. DeFi projects were the most frequent targets, suffering 29 attacks that led to $98.23M in losses.

Blockchain and Project Types Most Affected

Ethereum continues to be the most targeted blockchain, with losses amounting to $227M and 16 major attacks. Public blockchains were the most affected among project types, primarily due to the $200M Mixin Network hack. Payment platforms were the next most affected, with two incidents causing combined losses of $97.3M.

Audit and Regulatory Concerns

The report also sheds light on the audit status of the attacked projects. The proportion of audited and non-audited projects was nearly equal, at 48.8% and 46.5% respectively. This raises questions about the effectiveness of current auditing practices in the industry.

Recommendations and Future Outlook

The report suggests that crypto service providers need to be extra vigilant, especially against sophisticated adversaries like the Lazarus group. It recommends regular security training for employees and the implementation of robust monitoring and alert systems.


Cross-Chain Crime Hits $7B: North Korean Ties Unveiled

Elliptic, a reputable blockchain analytics entity, shed light on the expanding realm of cross-chain crime. Their 2023 report, ‘The State of Cross-chain Crime,’ delineated that an alarming $7 billion of illicit or high-risk funds have been navigated through cross-chain and cross-asset services. The report further unmasked the Lazarus Group, tied to North Korean hackers, as a notable perpetrator, orchestrating $900 million of the cross-chain crime. The findings underscore an escalating issue, exceeding prior anticipations and posing a grave concern for the blockchain domain.

Reflecting on the trajectory, Elliptic’s initial report released in October 2022 illustrated that $4.1 billion of illicit funds were laundered through decentralized exchanges, cross-chain bridges, and coin swap services up until July 2022. The analytics firm had then forecasted this figure to ascend to $6.5 billion by the end of 2023, and further to $10.5 billion by 2025. Contrary to these projections, recent data reveals an accelerated pace, with $2.7 billion being laundered between July 2022 and July 2023, signaling a surpassing of earlier estimations.

Utilizing cutting-edge research methodologies and holistic blockchain analytics, Elliptic has managed to unmask the true scope of cross-chain crime. The analysis divulged that sanctioned and terrorist entities are now in possession of over 80 different assets distributed across more than 26 blockchains. The report also hinted at an enhanced sophistication in laundering techniques, with criminals adopting complex cross-chain methods like derivatives trading and limit orders to veil their activities.

Lazarus Group: Emerging as a Significant Cross-Chain Criminal

The Lazarus Group has been pinpointed as a major culprit, standing as the largest source of illicit funds funneled through cross-chain bridges and ranking third in overall cross-chain crime. Their actions echo a rising menace within the crypto arena, accentuating the pressing necessity for fortified security frameworks and adept blockchain analytics to counter cross-chain crime.

Dr. Tom Robinson, Co-founder and Chief Scientist at Elliptic, expressed the firm’s enduring dedication towards diminishing risks and augmenting transparency within blockchain networks by detecting and tracing illicit activities within the crypto sphere. As cross-chain crime trends upward, the imperative for innovative insights via advanced blockchain analytics is underscored to shield the industry from malicious adversaries.

North Korea Notorious Lazarus Group Moves 27.371 Bitcoins

The Lazarus Group, a notorious hacking collective believed to be sponsored by North Korea, has recently initiated significant Bitcoin transactions, sparking speculation about its next moves in the cryptocurrency sector. On January 8, the group transferred 27.371 BTC, equivalent to approximately $1.2 million, in two separate transactions from what analysts suspect to be a cryptocurrency mixer. This move ended a period of inactivity and was followed by sending 3.343 BTC (around $150,582) to an old, inactive address the group had used before. Roughly $82,403,084.35 in crypto now sits in Lazarus Group accounts.

Blockchain experts from Arkham Intelligence, who reported these transactions, also revealed that the Lazarus Group’s portfolio holds an estimated $79 million post-transactions. Such substantial cryptocurrency holdings by a group known for its cybercriminal activities raise concerns about its potential plans. Lazarus Group has been linked to a series of major cryptocurrency hacks, including the notable attack on the CoinEx exchange and the recent breach of Poloniex, which resulted in a significant financial loss.

The Lazarus Group’s activities have been a significant concern for the global cybersecurity and financial sectors. It has reportedly amassed around $3 billion from various cryptocurrency hacks from 2017 to 2023, with about $1.7 billion plundered in 2022 alone. Much of these stolen assets are suspected to fund North Korea’s weapons of mass destruction (WMD) and ballistic missile programs. The group’s methods include exploiting decentralized finance (DeFi) protocols and using social engineering tactics to infiltrate cryptocurrency exchange networks.

Moreover, the Lazarus Group’s use of mixing services to obscure financial trails and evade tracking efforts highlights the ongoing challenges in regulating and securing the cryptocurrency industry. These services, often found on platforms lacking robust Know Your Customer (KYC) and Anti-Money Laundering (AML) controls, enable such groups to continue their illicit activities with reduced risk of detection.

Lazarus Group Circumvents Sanctions, Launders $12M Via Tornado Cash

Despite facing international sanctions, North Korea’s notorious Lazarus Group has allegedly resumed its operations using the crypto mixer Tornado Cash to launder approximately $12 million worth of cryptocurrencies. These funds are purportedly linked to cyber heists targeting cryptocurrency platforms HTX and HECO in November, highlighting the persistent threat posed by state-sponsored actors in the digital asset space.

The Lazarus Group, which is believed to be backed by the North Korean government, has been implicated in a series of high-profile cyberattacks aimed at obtaining foreign currency to fund state operations, circumventing the economic sanctions imposed on the country. The latest incident underscores the sophisticated tactics employed by the group to navigate the complex web of decentralized finance (DeFi) and cryptocurrency exchanges.

According to reports, the stolen assets were initially transferred out of the hacked platforms and then converted into Ether tokens through various decentralized exchanges, a process that typically helps obfuscate the trail of the funds. Following the conversion, the funds remained dormant, possibly to avoid detection during the period of heightened scrutiny following the heists.

This week, however, activity was detected as the funds began moving through Tornado Cash, a crypto mixing service designed to enhance transaction privacy by pooling and scrambling cryptocurrencies. It’s important to note that Tornado Cash has been sanctioned by the U.S. Treasury Department, which has accused the service of being a conduit for money laundering activities, including those by the Lazarus Group.

The use of sanctioned services like Tornado Cash by cybercriminals presents a significant challenge to international efforts to curb North Korea’s illicit activities. The sanctions are meant to deter and penalize both the service providers and their users; however, the decentralized and borderless nature of blockchain technology makes enforcement a complex task.

As the Lazarus Group continues its operations, the international community is called to strengthen its response and improve coordination among governments, financial institutions, and the broader cryptocurrency industry. Enhanced due diligence, robust cybersecurity measures, and the development of tools to trace and block the movement of illicit funds are critical in combating the misuse of digital assets.

The persistence of such activities demonstrates the need for a multi-faceted approach that includes technological innovation, regulatory clarity, and international cooperation. The Lazarus Group’s latest maneuvers through Tornado Cash highlight the ongoing cat-and-mouse game between cybercriminals and law enforcement, with implications for the security and integrity of the global financial system.
