Security News > 2022 > August > deBridge Finance crypto platform targeted by Lazarus hackers
Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains.
The hackers targeted deBridge Finance employees on Thursday with an email purporting to be from the company co-founder, Alex Smirnov, allegedly sharing new information about salary changes.
The email reached multiple employees and included an HTML file named 'New Salary Adjustments' that pretended to be a PDF file along with a Windows shortcut file that poses as a plain text file containing a password.
The connection to the North Korean hackers in the Lazarus group was possible due the overlap in file names and infrastructure used in a previous attack attributed to the threat actor.
BleepingComputer has learned that the same campaign has targeting cryptocurrency firms even earlier, in March, when the hackers targeted the crypto trading platform Woo Network with a document pretending to be a job offer from Coinbase cryptocurrency exchange platform.
In both attacks on deBridge and Woo Network, the hackers used malware for Windows systems.
News URL
Related news
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- Hackers deploy crypto drainers on thousands of WordPress sites (source)
- Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes (source)