deBridge Finance crypto platform targeted by Lazarus hackers

crypto exchange, cryptocurrency, debridge, lazarus group, north korea

Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains.

The threat actor used a phishing email to trick company employees into launching malware that collected various information from Windows systems and allowed the delivery of additional malicious code for subsequent stages of the attack.

Fake PDF and text files

The hackers targeted deBridge Finance employees on Thursday with an email purporting to be from the company co-founder, Alex Smirnov, allegedly sharing new information about salary changes.

Email targeting deBridge employees (source: Alex Smirnov)

The email reached multiple employees and included an HTML file named ‘New Salary Adjustments’ that pretended to be a PDF file, along with a Windows shortcut file (.LNK) that posed as a plain text file containing a password.

Fake PDF and text files used for targeting deBridge employees (source: Alex Smirnov)

Clicking the fake PDF opened a cloud storage location claiming to provide a password-protected archive containing the PDF, which prompted the target to launch the fake text file to obtain the password.
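A mail-gateway style check for the two disguises described above, as an added example that is not part of the original article: it compares what an attachment's name claims with what its leading bytes are. The sample file names and contents are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Shell Link header: HeaderSize 0x4C followed by the fixed LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DOC_EXTS = {".pdf", ".txt", ".doc", ".docx", ".xls", ".xlsx"}

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(b"%PDF-"):
        return "pdf"
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith((b"<!doctype html", b"<html")) or b"<script" in head:
        return "html"
    return "unknown" if b"\x00" in data[:512] else "text"

def triage(name: str, data: bytes) -> list:
    """Return the reasons an attachment looks disguised (empty list if none)."""
    actual = sniff(data)
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    claimed = [s for s in suffixes if s in DOC_EXTS]
    reasons = []
    if actual == "lnk":
        reasons.append("Windows shortcut: opening it runs a command")
        if claimed:
            # Explorer never displays the .lnk extension, so only the
            # document-looking part of the name is visible to the user.
            reasons.append(f"shortcut named like a {claimed[-1]} file")
    elif actual == "html" and ".pdf" in suffixes:
        reasons.append("HTML page named like a PDF")
    elif suffixes[-1:] == [".pdf"] and actual != "pdf":
        reasons.append("content is not a PDF despite the extension")
    return reasons

# Constructed sample attachments (names and bytes are illustrative only).
SAMPLES = {
    "New Salary Adjustments.pdf.html": b"<!DOCTYPE html><html><body></body></html>",
    "Password.txt.lnk": LNK_MAGIC + b"\x00" * 56,
    "Q3 report.pdf": b"%PDF-1.7\n",
    "notes.txt": b"meeting at 10\n",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(f"{fname!r}: {triage(fname, blob) or 'ok'}")
```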

In a thread on Twitter, Smirnov explains that the LNK file executes the Command Prompt with the following command that retrieves a payload from a remote location:

Command for fetching malicious script (source: Alex Smirnov)

The script was created to show a Notepad window with the text “pdf password: salary2022” and to check if the compromised system is protected by a security solution from ESET, Tencent, or Bitdefender.

Script checks for AV processes (source: Alex Smirnov)

Smirnov says that if the processes for the above-mentioned security products are not present, the generated malicious file is saved in the startup folder to ensure persistence.

This allowed the malware to achieve persistence and send out requests to the attacker’s command and control server for further instructions.
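One way to hunt for this persistence step in endpoint telemetry, as an added example that is not from the original article: flag files created in a Windows Startup folder when the writing process, or any of its ancestors, is a command or script interpreter. The event records are constructed and use simplified field names modelled on Sysmon event ID 1 (process creation) and ID 11 (file creation); the interpreter list is an assumption to tune locally.

```python
from pathlib import PureWindowsPath

# Per-user and all-users Startup folders, as lower-cased path fragments.
STARTUP_DIRS = (
    "\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\",
    "\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\",
)
# Assumed watch list of command and script interpreters.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def lineage(guid, procs):
    """Yield image base names from the writing process up through its ancestors."""
    seen = set()
    while guid in procs and guid not in seen:  # 'seen' guards against loops
        seen.add(guid)
        yield PureWindowsPath(procs[guid]["image"]).name.lower()
        guid = procs[guid]["parent"]

def startup_drops(events):
    """Return (target_path, process_chain) for suspicious Startup-folder writes."""
    procs, alerts = {}, []
    for ev in events:
        if ev["id"] == 1:     # process creation: remember parent link
            procs[ev["guid"]] = {"image": ev["image"], "parent": ev["parent"]}
        elif ev["id"] == 11:  # file creation
            target = ev["target"].lower()
            if any(d in target for d in STARTUP_DIRS):
                chain = list(lineage(ev["guid"], procs))
                if INTERPRETERS.intersection(chain):
                    alerts.append((ev["target"], " <- ".join(chain)))
    return alerts

# Constructed events: a shortcut-launched cmd.exe chain and a benign installer.
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
EVENTS = [
    {"id": 1, "guid": "A", "parent": None, "image": r"C:\Windows\explorer.exe"},
    {"id": 1, "guid": "B", "parent": "A", "image": r"C:\Windows\System32\cmd.exe"},
    {"id": 1, "guid": "C", "parent": "B", "image": r"C:\Users\alice\AppData\Local\Temp\child.exe"},
    {"id": 11, "guid": "C", "target": STARTUP + r"\example.dat"},
    {"id": 11, "guid": "B", "target": r"C:\Users\alice\Documents\notes.txt"},
    {"id": 1, "guid": "D", "parent": "A", "image": r"C:\Users\alice\Downloads\setup.exe"},
    {"id": 11, "guid": "D", "target": STARTUP + r"\tool.lnk"},
]

if __name__ == "__main__":
    for path, chain in startup_drops(EVENTS):
        print(f"ALERT {path} written by {chain}")
```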

At this stage, the threat actor collected details about the infected system like username, operating system, CPU, network adapters, and running processes.

Smirnov says that the malware used in the attack was flagged by a small number of antivirus solutions.

The email was sent to multiple deBridge employees but most of them reported it as suspicious. However, one of them took the bait and downloaded and opened the document, which allowed Smirnov to analyze the attack.

Tied to North Korean Lazarus hackers

The connection to the North Korean hackers in the Lazarus group was possible due to the overlap in file names and infrastructure used in a previous attack attributed to the threat actor.

Back in July, security researchers from PwC U.K. and Malwarebytes reported another campaign from the Lazarus hacker group – also referred to as CryptoCore and CryptoMimic – that used either the same filenames or similar ones.

Malwarebytes and PwC researchers report similar Lazarus campaigns

BleepingComputer has learned that the same campaign has been targeting cryptocurrency firms even earlier, in March, when the hackers targeted the crypto trading platform Woo Network with a document pretending to be a job offer from the Coinbase cryptocurrency exchange platform.

While the file names are different, the attacker used the same fake PDF trick to mask the malicious file and to get the victim to execute it.

In both attacks on deBridge and Woo Network, the hackers used malware for Windows systems. If a macOS system was detected, the victim would get a ZIP archive with a real PDF file.

Real PDF delivered to non-Windows machines (source: BleepingComputer)

North Korea’s Lazarus group has been focusing on hitting companies whose business relies on blockchain technology and decentralization concepts.

The threat actor uses social engineering tricks to establish a foothold on the victim's computer and then tries to find a way to siphon cryptocurrency funds and assets.

One of the largest cryptocurrency heists attributed to this group is the theft of $620 million in Ethereum from Axie Infinity’s Ronin network bridge.
