Japan’s NPA claims North Korea’s Lazarus Group is targeting crypto-firms

Lazarus, a North Korean hacking group, has been identified by Japan’s national police as the group responsible for several years’ worth of cyberattacks including cryptography.

The National Police Agency (NPA) and Financial Services Agency (FSA) of Japan issued a public advisory statement encouraging the nation’s crypto-asset enterprises to be cautious of “phishing” assaults by the hacking gang intended to steal crypto-assets. According to local accounts, this is the seventh time in history that the government has issued a “public attribution” advising statement.

How did the phishing happen?

According to the document, the North Korean hacker organization approaches employees of crypto-asset companies on social media and sends emails to them while posing as an executive of the business to access the company’s network and steal crypto-assets.

“This cyber attack group sends phishing emails to employees impersonating executives of the target company […] through social networking sites with false accounts, pretending to conduct business transactions […] The cyber-attack group [then] uses the malware as a foothold to gain access to the victim’s network.”

Authorities have advised caution when opening files attached to emails and keeping secret keys to confidential data away from the Internet to prevent falling victim to such an attack.

The 2017 WannaCry ransomware assault is thought to have been carried out by the North Korean organization too. The United States’ FBI identified the group’s involvement in a case of stolen crypto-assets valued at around $78 billion in April this year.

The NPA and FSA have urged targeted organizations to retain their “private keys in an offline environment” and to “not open email attachments or hyperlinks carelessly.” This, since phishing has reportedly been a prevalent method of attack employed by North Korean hackers.

Specifically for applications using cryptographic assets, the statement continued, people and companies should “not obtain files from sources other than those whose authenticity can be verified.”

The NPA acknowledged that several of these attacks targeting Japanese-based digital asset companies have been effective. However, it withheld any further information.

What is the Lazarus Group?

The North Korean government-run foreign intelligence organization Reconnaissance General Bureau is said to be connected to the Lazarus Group. The Yomiuri Shimbun was informed by Katsuyuki Okamoto of the international IT company Trend Micro that “Lazarus initially targeted banks in various nations, but it has recently been targeting crypto-assets that are managed more loosely.”

They were named as suspects in the $100 million Layer-1 blockchain Harmony assault. They are also suspected of being the hackers behind the $650 million Ronin Bridge breach in March.