The co-founder of deBridge Finance, Alex Smirnov has announced that the cross-chain protocol has identified a failed attempted cyber attack on its platform. Notorious North Korean-backed criminal syndicate, the Lazarus Group, has been identified as the culprit behind the unsuccessful attack.


Alex stated that the attack vector was contained in an email sent to several team members containing a PDF file which was named “New Salary Adjustments”. This email was sent from a spoofed address which mirrored the exec’s own email address. deBridge Finance managed to thwart the attack but Alex warned that the fraudulent campaign could already be widespread and targeted at web3 focused entities.


In a long Twitter thread by Alex, it was revealed that most of the team members who received the suspicious mail flagged it but one such person downloaded and opened the file. This was to help them understand the attack vector and investigate it’s consequences. The co-founder then urged crypto firms and their employees to never open any email attachments without verifying the sender’s full details including the address and to also have an internal format/protocol for how working teams share attachments and mails like these.


Alex explained that MacOS users were safe from the danger as opening the link on a Mac device will lead to a .zip archive with the normal PDF file “Adjustments.pdf”. However, windows users were not safe. If a user opened the link on a Windows OS device, they would be directed to an archive with a password-protected pdf with the same name and another file named Password.txt.Ink. This text file would then attack the system. A lack of anti-virus software will allow the malicious file to enter the OS and be saved in the startup folder. A simple script will then start sending continuous requests to communicate with the attacker in order to get instructions.


Lazarus Group are infamous for conducting state-sponsored cyber attacks. Since the COVID-19 outbreak, cyber-crimes led by the Lazarus Group have increased significantly. Recently, the group stole over $620 million from Axie Infinity’s Ronin Bridge. Reports have revealed that North Korea’s cyber program is large and well-structured despite being isolated from the rest of the world. Multiple U.S. Government sources have reported that the Lazarus Group has adapted to the Web3.0 and are currently targeting decentralized financial platforms.


Featured Image Source:

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha Plus loading...