thecoinrise.com
According to recent reports, Japanese national police have pointed fingers at North Korean hacking organization Lazarus Group for being the brain behind several cyber attacks on its crypto assets service providers.
Based on a statement issued by Japan’s National Police Agency (NPA) and Financial Services Agency (FSA), the Lazarus group perpetrates its fraudulent attacks by engaging in phishing and social engineering.
Through these linked strategies they are able to impersonate the executives of their victims (companies) and then lure their employees or users into clicking on malicious phishing emails or links. This eventually grants the bad actors access to the backend of the company’s sites.
As per the published statement “This cyber attack group sends phishing emails to employees impersonating executives of the target company […] through social networking sites with false accounts, pretending to conduct business transactions […] The cyber-attack group [then] uses the malware as a foothold to gain access to the victim’s network.”
Japan Government Issues 5th Public Attribution to Crypto Players
In effect, the Japan NPA in collaboration with FSA has issued a warning to the country’s crypto asset firms advising them to be vigilant and watch out for phishing attacks that may strip them of hundreds of millions of dollars in crypto assets.
Precisely, these watchdogs recommended that businesses should store their “private keys in an offline environment” and “not open email attachments or hyperlinks carelessly.” Another warning to individuals and businesses is that they should “not download files from sources other than those whose authenticity can be verified, especially for applications related to cryptographic assets.”
Such an advisory statement is often regarded as “public attribution,” and in the history of Japan, this is the fifth time, the government is issuing some advice, according to a report by Japan News.
Digital asset holders are advised to install security software and ensure that they carry out multi-factor authentication and verification. At the same time, using a single password for several devices or services is greatly discouraged. Although no specifics were mentioned, it was suggested that Lazarus Group has successfully penetrated many Japanese crypto firms.
The attack on the Axie Infinity Ronin bridge which led to the loss of $625 million was associated with the North Korean hacker. Elliptic, a blockchain analytic firm also streamlined Harmony’s Horizon bridge attack which resulted in a loss of around $100 million in altcoins to Lazarus Group.