According to deBridge Co-Founder, the Notorious Lazarus Group attempted a cyber-attack.
The attempted cyber-attack on deBridge Finance was carried out by the “Lazarus Group,” a notorious North Korean-backed hacking syndicate. Alex Smirnov, the co-founder of the cross-chain protocol and project lead, claimed that the attack vector was via email, in which several team members received a PDF file titled “New Salary Adjustments” from a spoofed address that matched the executive’s own. While deBridge Finance was able to thwart the phishing attack, Smirnov warned that the fraudulent campaign targeting Web3-focused platforms is likely widespread.
The attempted assassination of deBridge
According to the executive’s lengthy Twitter thread, the majority of team members immediately flagged the suspicious email, but one downloaded and opened the file. This aided them in investigating the attack vector and comprehending its consequences. Smirnov went on to say that macOS users are safe because opening the link on a Mac results in a zip archive containing the normal PDF file Adjustments.pdf. Windows systems, on the other hand, are not immune to the risks. Instead, Windows users will be directed to an archive containing a dubious password-protected pdf of the same name as well as an additional file called Password.txt.lnk.
In essence, the text file would infect the system. As a result, a lack of anti-virus software will assist the malicious file in infiltrating the machine and being saved in the autostart folder, after which a simple script will begin sending repetitive requests to communicate with the attacker to receive instructions. The co-founder then urged the companies and their employees to never open email attachments without first verifying the sender’s full email address, and to have an internal protocol in place for how teams share attachments.
Lazarus Attackers Prey on Crypto
North Korean hacking groups are notorious for carrying out financially motivated attacks. Lazarus, for example, carried out numerous high-profile attacks on cryptocurrency exchanges, NFT marketplaces, and individual investors with large holdings. The latest attack appears to bear a strong resemblance to previous ones carried out by the hacking syndicate. During the COVID-19 outbreak, Lazarus-led cybercrime saw a massive increase. Earlier this year, the group stole over $620 million from Axie Infinity’s Ronin bridge.
Indeed, despite being economically isolated from the rest of the world, reports show that the country’s cyber program is large and well-organized. According to multiple US government sources, these entities have adapted to Web3 and are now focusing on the decentralized finance space.