SlowMist reveals a sophisticated APT attack by North Korea’s Lazarus Group targeting the cryptocurrency industry.
Blockchain security firm SlowMist has recently revealed an alarming revelation: The infamous North Korean Lazarus Group is actively targeting the cryptocurrency industry through an advanced persistent threat (APT) attack.
What are APT Attacks?
An advanced persistent threat (APT) is a prolonged, targeted cyberattack where an intruder gains access to a network and remains undetected for an extended period. This kind of attack is generally state-sponsored or carried out by well-funded criminal organizations. What distinguishes APTs from other cyberattacks is the level of sophistication and the attacker’s intent to maintain persistent, unauthorized access to a network. The objective is usually espionage, data theft, or financial gain.
Inside the Lazarus APT operation against crypto companies
Initially, they impersonate legitimate customers, fooling auditors through real-person authentication to create a customer profile. Then, with that trusted identity, they make genuine deposits to further solidify their façade.
Their sophisticated attack doesn’t stop there. Armed with customer status, they engage with company personnel through Mac or Windows Trojans, which are strategically aimed at employees. Once a Trojan infiltrates the system, the attackers secure permissions that allow them to move laterally within the network. From there, they lie in wait—sometimes for a considerable period—before seizing funds.
The Lazarus group is becoming increasingly threatening to the wider crypto industry. Just last week, the group stole $41 million worth of digital assets from leading crypto casino Stake.
Lazarus is one of the most infamous North Korean state-backed ransomware groups. North Korea has been actively using stolen crypto assets to fund its illicit weapons program. Recently, South Korea has developed a new cyber bill to stop North Korea’s crypto heists.