
Lazarus gang suspected to target deBridge Finance

Cross-chain cryptocurrency platform deBridge Finance is suspected to have been targeted by North Korean hacking group Lazarus in a phishing campaign aimed at cryptocurrency theft, according to BleepingComputer. Numerous deBridge Finance employees were sent phishing emails about salary adjustments that spoofed company co-founder Alex Smirnov. The email included an HTML file spoofing a PDF pertaining to salary changes and a Windows LNK file impersonating a plain text file. Opening the fake PDF launches a cloud storage location with the password for the LNK file, while opening the LNK file prompts Command Prompt execution and remote payload retrieval, Smirnov noted in a thread on Twitter. Some antivirus solutions were able to flag the malware, which can gather usernames, CPU, operating system, network adapters, running processes, and other system information. The attack has been associated with the Lazarus group following the discovery of similarities in file names and infrastructure to those leveraged in a previous Lazarus attack reported last month.
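Both lures described above rely on an attachment whose real type differs from the type its name suggests. The following mail-gateway style check is an added example, not code from the article or from deBridge; the file names and sample bytes are constructed, and the extension list is an assumption.

```python
"""Flag email attachments whose content does not match the type their name implies."""
import os

# Shell Link (.lnk) files start with HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")
PDF_MAGIC = b"%PDF-"
# Document types a lure commonly pretends to be (assumed list for this example).
DOC_EXTS = {".pdf", ".txt", ".doc", ".docx"}


def sniff(data: bytes) -> str:
    """Return a coarse content type based on the leading bytes."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(PDF_MAGIC):
        return "pdf"
    head = data[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "unknown"


def review(name: str, data: bytes) -> list[str]:
    """Return the reasons to quarantine an attachment (empty list if none)."""
    reasons = []
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]  # ".txt" in "password.txt.lnk"
    kind = sniff(data)
    if kind == "lnk":
        reasons.append("shortcut file delivered by email")
    if inner_ext in DOC_EXTS and ext != inner_ext:
        reasons.append(f"double extension {inner_ext}{ext}")
    if ext == ".pdf" and kind != "pdf":
        reasons.append(f"named .pdf but content is {kind}")
    return reasons


# Constructed sample attachments (names and bytes are illustrative only).
SAMPLES = {
    "salary-changes.pdf.html": b"<html><body>Loading document...</body></html>",
    "password.txt.lnk": LNK_MAGIC + bytes(56),
    "report.pdf": b"%PDF-1.7\n%%EOF\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", review(name, data) or "ok")
```

Windows hides the `.lnk` extension in Explorer even when "show file extensions" is enabled, so the content check matters more than the displayed name.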
