Hackers from the North Korean group Lazarus Group were accused of a cyber attack on the decentralized cryptocurrency protocol Debridge Finance.
Debridge Finance was apparently hacked by the Lazarus Group. To all Web3 project teams: this is most likely a full-blown campaign.
The attack is carried out via email. "Several of our employees were sent a PDF file called New Salary Adjustments (Change in salary) from an address similar to my own," said Debridge Finance co-founder Alex Smirnov.
When you try to open the PDF file from the archive, a password prompt appears; the password is allegedly saved in a separate file, Password.txt.
When the user clicks on the document, a command is executed that runs a script that sends data from the device to the command-and-control (C2) server. After that, the system is considered compromised, because any code from the C2 server can be executed on the device.
Files from archive with malicious code
Smirnov found out that files with exactly the same names were used by members of the Lazarus Group, which is why he blamed them for the cyber attack.
One of the employees of Debridge Finance downloaded an archive with malicious code and infected his computer. Other employees of the firm reported the suspicious e-mail in time, and the threat was eliminated.
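A mail-gateway style triage for the lure described above (a password-protected PDF delivered in an archive next to a Password.txt helper), added here as an example and not code from Debridge Finance or the original report. The function names, verdict labels and sample archive are constructed, and treating a password-named sidecar that is not plain text as the stronger signal is an assumption, since the page does not say what that file actually contains.

```python
import io
import zipfile
from pathlib import PurePosixPath

def is_encrypted_pdf(blob: bytes) -> bool:
    # A password-protected PDF carries an /Encrypt entry in its trailer.
    return blob.startswith(b"%PDF-") and b"/Encrypt" in blob

def looks_like_text(blob: bytes) -> bool:
    # Plain text decodes as UTF-8 and contains no NUL bytes.
    try:
        blob.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return b"\x00" not in blob

def triage_archive(data: bytes) -> dict:
    """Flag ZIPs that pair a locked PDF with a password-named sidecar file."""
    locked_pdfs, sidecars = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.flag_bits & 0x1:  # skip dirs / ZIP-encrypted members
                continue
            name = PurePosixPath(info.filename).name
            lower, blob = name.lower(), zf.read(info)
            if lower.endswith(".pdf") and is_encrypted_pdf(blob):
                locked_pdfs.append(name)
            elif "password" in lower:
                plain = lower.endswith(".txt") and looks_like_text(blob)
                sidecars.append((name, plain))
    if not (locked_pdfs and sidecars):
        verdict = "pass"
    elif all(plain for _, plain in sidecars):
        verdict = "review"        # lure layout, sidecar really is text
    else:
        verdict = "quarantine"    # sidecar only pretends to be a text file
    return {"locked_pdfs": locked_pdfs, "sidecars": sidecars, "verdict": verdict}

def build_sample(sidecar_body: bytes) -> bytes:
    # Constructed archive mirroring the file names reported on this page.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Salary Adjustments.pdf",
                    b"%PDF-1.7\ntrailer\n<< /Encrypt 5 0 R >>\n%%EOF\n")
        zf.writestr("Password.txt", sidecar_body)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_archive(build_sample(b"constructed-password\n"))["verdict"])
    print(triage_archive(build_sample(b"\x00\x01\x02 constructed binary"))["verdict"])
```

The verdict is a routing hint for an analyst queue, not a malware classification; a benign archive with the same layout will also land in "review".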