Cross-chain cryptocurrency platform deBridge Finance is suspected to have been targeted by North Korean hacking group Lazarus in a phishing campaign aimed at cryptocurrency theft, according to BleepingComputer.
Numerous deBridge Finance employees were sent phishing emails about salary adjustments that spoofed company co-founder Alex Smirnov. The emails included an HTML file spoofing a PDF pertaining to salary changes and a Windows .lnk file impersonating a plain text file; opening the fake PDF launches a cloud storage location with the password for the LNK file.
Opening the LNK file prompts Command Prompt execution and remote payload retrieval, Smirnov noted in a thread on Twitter. Some antivirus solutions were able to flag the malware, which has the capability to gather usernames, CPU, operating system, network adapters, running processes, and other system information.
The attack has been associated with the Lazarus group following the discovery of similarities in file names and infrastructure to those leveraged in a previous Lazarus attack reported last month.
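The lure described above relies on attachments whose names suggest one type (PDF, plain text) while the content is another (HTML, Windows shortcut). The following added example, which is not from the article or from deBridge, shows a mail-gateway style check that compares the type implied by the name with the type sniffed from the leading bytes. The file names and sample bytes are constructed; the shortcut signature is the 20-byte Shell Link header prefix (HeaderSize 0x4C followed by the LinkCLSID).

```python
# Added example: flag attachments whose content contradicts their displayed name.
# File names and sample bytes below are constructed for illustration.

# Shell Link (.lnk) files start with HeaderSize 0x0000004C and the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

# Extensions a recipient reads as "harmless document" -> expected content type.
DOC_EXT = {"pdf": "pdf", "txt": "text"}


def sniff(data: bytes) -> str:
    """Identify content from its leading bytes, ignoring the file name."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(b"%PDF-"):
        return "pdf"
    head = data[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    if b"\x00" not in head:
        try:
            head.decode("utf-8")
            return "text"
        except UnicodeDecodeError:
            pass
    return "unknown"


def check_attachment(name: str, data: bytes):
    """Return a finding string if the name implies a document type the
    content does not match, else None."""
    actual = sniff(data)
    # Consider every extension in the name: Windows hides ".lnk", so
    # "x.txt.lnk" is displayed to the user as "x.txt".
    exts = name.lower().split(".")[1:]
    claimed = next((DOC_EXT[e] for e in exts if e in DOC_EXT), None)
    if claimed and actual != claimed:
        return f"{name}: name suggests {claimed}, content is {actual}"
    return None


# Constructed samples: a minimal 76-byte shortcut header and a tiny HTML page.
SAMPLE_LNK = LNK_MAGIC + bytes(56)
SAMPLE_HTML = b"<html><body>Open the document</body></html>"

if __name__ == "__main__":
    for n, d in [("notes.txt.lnk", SAMPLE_LNK), ("salary_changes.pdf.html", SAMPLE_HTML)]:
        print(check_attachment(n, d))
```
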