Alex Smirnov, co-founder of DeBridge Finance and project lead, said on Friday that his company was the subject of an attempted cyberattack by the renowned North Korean Lazarus organisation. Smirnov made his announcement via Twitter.
To facilitate the transfer of data and assets from one blockchain to another, DeBridge offers a protocol for cross-chain interoperability and liquidity.
The attack was carried out by means of a bogus email sent to various members of the DeBridge team. The email appeared to come from Smirnov and contained a PDF file labelled “New Pay Adjustments.”
Email spoofing is a sort of cyber attack in which a malicious email is modified in such a way that it appears to have originated from a reliable source, such as a co-founder of the company in this instance.
According to what Smirnov has said, “We have stringent internal security measures in place, and we are always working to strengthen them as well as educate the team about potential attack routes.”
Nevertheless, according to Smirnov’s explanation, one employee downloaded and opened the file, which led to an assault on the organization’s internal systems. This sparked an inquiry into the origins of the attack, how the hackers intended for the attack to function, and any possible implications that may have resulted from it.
“Rapid analysis has shown that the code obtained collects a lot of information about the PC and exports it to [the attacker’s command centre],” Smirnov said. This includes the username, information about the operating system, information about the central processing unit (CPU), network adapters, and running processes.
Smirnov was able to link the attack on DeBridge to the group through a Twitter post made by a different user. That post showed an attack with features similar to the one on DeBridge and pointed to a North Korean hacker group.
Smirnov cautioned the people who followed him to never open email attachments without first validating the complete email address of the sender. He also mentioned that his team followed an internal process for how to distribute attachments.
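The sender check Smirnov recommends can also be run automatically on incoming mail. The following is an added example, not code from the article or from DeBridge; the staff directory, the domains and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical staff directory: display name -> the only address that person sends from.
KNOWN_SENDERS = {"alex smirnov": "alex@example-corp.test"}

def check_sender(raw_message: str) -> list[str]:
    """Return the reasons a raw RFC 5322 message fails the sender checks."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    findings = []
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected and address != expected:
        findings.append(f"display name '{display}' used with unexpected address {address}")
    # Authentication-Results (RFC 8601) is only trustworthy when it was added
    # by your own receiving mail server, not copied from the sender's headers.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in auth:
            findings.append(f"{mech} did not pass")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != address:
        findings.append(f"Reply-To {reply_to} differs from From address")
    if findings and any(part.get_filename() for part in msg.walk()):
        findings.append("attachment present on a message that failed sender checks")
    return findings

# Constructed sample messages (not taken from the incident).
SPOOFED = """\
From: "Alex Smirnov" <alex@examp1e-corp.test>
Subject: New Pay Adjustments
Authentication-Results: mx.example-corp.test; spf=fail; dkim=none; dmarc=fail
Content-Type: application/pdf
Content-Disposition: attachment; filename="New Pay Adjustments.pdf"

(constructed placeholder body)
"""
LEGIT = """\
From: "Alex Smirnov" <alex@example-corp.test>
Subject: Standup notes
Authentication-Results: mx.example-corp.test; spf=pass; dkim=pass; dmarc=pass

(constructed placeholder body)
"""
if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_sender(raw))
```

A familiar display name paired with an address outside the directory is the case a quick glance at the sender field misses, which is why the check compares the full address rather than the name.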
According to reports, the Lazarus Group was responsible for a number of high-profile cryptocurrency thefts, including the theft of $622 million worth of ether from the Axie Infinity Ronin Ethereum sidechain in March and the hacking of the Harmony Horizon Bridge in June.
According to David Schwed, who is the chief operating officer at the blockchain security company Halborn, “these kinds of attacks are extremely regular.” “They count on the inquisitive character of individuals by labelling files that will pique people’s attention, such as pay information, and they rely on the fact that people are curious.”