North Korea’s Lazarus Group now using crypto gifts to breach security defenses



The North Korean-linked Lazarus Group has adopted a new method of breaching crypto firms: sending cryptocurrency to their targets as part of an elaborate social engineering scheme.

According to 23pds, the pseudonymous Chief Information Security Officer (CISO) at Web3 security firm SlowMist, this tactic aims to gain the victim’s trust before deploying malicious code.

23pds revealed that one recipient received at least $400 in USDT, but actual payouts can reach thousands.

He said:

“Lazarus hackers make hundreds or even thousands of dollars in direct payments to their victims in advance… Just to gain the victim’s trust.”

These payments are designed to make the attackers seem legitimate, increasing the likelihood of victims complying with their requests.

Social engineering hacks

Unlike traditional cyberattacks that exploit technical vulnerabilities, social engineering attacks focus on manipulating human behavior.

The hackers identify employees working for crypto firms, establish contact, and send them digital assets to gain credibility. Once trust is established, they trick victims into executing malicious code embedded with backdoors.

These interactions often occur through private GitHub repositories or live chat tools. Once access is granted, the attackers manipulate victims into running compromised code, allowing unauthorized entry into company systems.

Considering this, 23pds warned that crypto firms must strengthen internal security measures and train employees to recognize such deceptive tactics.

He added:

“All platforms, pls check yourself and make sure you pay attention to safety and train your staff on safety awareness.”

North Korean hackers

The incident highlights the evolving nature of crypto-related crimes as security concerns in the industry grow. It also suggests that the Lazarus Group may be preparing for a resurgence after reduced activity in late 2024.

In 2024, North Korean-backed hackers stole $1.34 billion of the total $2.2 billion pilfered from the crypto sector. This marked a staggering 103% increase from the $660 million attributed to North Korea in 2023.

However, their attack frequency declined significantly following a late June 2024 summit between Russian President Vladimir Putin and North Korean leader Kim Jong Un.
