The well-known North Korean hacker group Lazarus is targeting Japanese crypto asset firms, and some of them have already had their cryptocurrency stolen, according to The Japan News, citing the National Police Agency (NPA).
On Friday this week, the NPA issued an alert along with the Financial Services Agency and the National Center of Incident Readiness and Strategy for Cybersecurity, warning that there is a significant likelihood that Japanese firms have been under attack by Lazarus for a number of years.
According to reports, some Japanese businesses have already disclosed that their internal systems have been compromised and their crypto taken.
The investigation that followed identified Lazarus as the group responsible for the targeted attacks. It was conducted by regional police throughout Japan together with the NPA’s investigation unit on cyber-attacks, which was formed in April of this year.
Japan has employed a particular and rarely used method known as “public attribution”: announcing the name of a suspected attacker before making any move, such as an arrest. In these instances, the authorities also disclose the attacker’s motive, the method of attack and any other information pertinent to the attack. This strategy, according to the outlet’s report, has recently been viewed as a useful method to stop attacks.
Katsuyuki Okamoto of the information security firm Trend Micro Inc. was quoted as saying: It’s been noted that foreign cybercriminals are hard to spot, but it is possible to detect them with particular investigative techniques, which include the analysis of viruses and emails.
In the case of Lazarus, the report cited a senior NPA official who stated that the group had sent phishing emails to employees of specific targeted businesses, posing as CEOs of cryptocurrency-related companies. Additionally, they communicated with employees through social media platforms to get their computers infected with malware.
This strategy appears to have worked at certain businesses, which have reported the incidents to police. However, this method has not been used by the NPA, which has not released the specific domestic incidents that were related to Lazarus, according to the report.
It’s not the first time that the cryptoverse has met with Lazarus, however. Earlier this year, it was reported that the US Treasury Department sanctioned an Ethereum (ETH) address said to have received the money stolen during the Ronin Bridge hack. In the announcement, the US Federal Bureau of Investigation (FBI) declared this North Korean group of hackers responsible for the security breach. However, the sanctions announcement said that Lazarus was located in the Potonggang District of the North Korean capital Pyongyang.
Blockchain analytics company Chainalysis stated at that time that the cryptocurrency industry required a better “understanding of how [North Korea]-affiliated threat actors exploit crypto,” in addition to “better security for DeFi protocols.”
North Korea has repeatedly denied that it is seeking to hack crypto, and has repeatedly denied allegations regarding the Lazarus group, denying its existence entirely as well as the existence of the individuals whom the FBI identified as members of the group. Pyongyang previously stated that the allegations of crypto theft were “the sort of fabrication that only the United States” could be in the position of “inventing,” calling the American government “kings” of hacking.
In the meantime, The Japan News cited “sources” who stated they believed that Lazarus had been involved, among other incidents, in the theft of ¥6.7 trillion ($45 million) in bitcoin (BTC) and other cryptos from the Zaif cryptocurrency exchange in 2018, as well as ¥3.5 billion ($23.54 million) in XRP and other cryptos from Bitcoin Japan in 2019.