24 Mar, 2025

OKX suspends DEX aggregator after Lazarus hackers try to launder funds

OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. OKX is a leading global cryptocurrency exchange that offers a wide range of trading options, including spot and derivatives trading and decentralized […]

2 mins read

North Korean Lazarus hackers infect hundreds via npm packages

Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously […]

2 mins read

FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist

FBI has confirmed that North Korean hackers stole $1.5 billion from cryptocurrency exchange Bybit on Friday in the largest crypto heist recorded until now. The FBI also encouraged RPC node operators, exchanges, bridges, DeFi services, blockchain analytics firms, and other cryptocurrency service providers to block transactions originating from addresses used by North Korean hackers to […]

3 mins read

Lazarus hacked Bybit via breached Safe{Wallet} developer machine

Forensic investigators have found that North Korean Lazarus hackers stole $1.5 billion from Bybit after hacking a developer’s device at the multisig wallet platform Safe{Wallet}. Bybit CEO Ben Zhou shared the conclusions of two investigations by Sygnia and Verichains, which both found that the attack originated from Safe{Wallet}’s infrastructure. “The attack specifically targeted Bybit by injecting malicious […]

5 mins read

North Korean hackers linked to $1.5 billion ByBit crypto heist

Over the weekend, blockchain security companies and experts have linked North Korea’s Lazarus hacking group to the theft of over $1.5 billion from cryptocurrency exchange Bybit. In what is now considered the largest crypto heist in history, the attackers intercepted a planned transfer of funds from one of Bybit’s cold wallets into a hot wallet, […]

4 mins read

US govt says North Korea stole over $659 million in crypto last year

North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. The announcement also warns that threat groups linked to the Democratic People’s Republic of Korea (DPRK) are still actively targeting blockchain technology industry […]

3 mins read

North Korean hackers stole $1.3 billion worth of crypto this year

North Korean hackers have stolen $1.34 billion worth of cryptocurrency across 47 cyberattacks that occurred in 2024, according to a new report by blockchain analysis company Chainalysis. This amount represents 61% of the total stolen funds for the year, marking a year-over-year increase of 21%. Although the total number of incidents in 2024 reached a […]

2 mins read

Hackers use macOS extended file attributes to hide malicious code

Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr. The threat actor is hiding malicious code in custom file metadata and also uses decoy PDF documents to help evade detection. The new technique is similar to how the Bundlore adware in 2020 hid its […]

3 mins read

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome zero-day flaw to Google. Google issued a fix for CVE-2024-4947 on May 25, with Chrome version 125.0.6422.60/.61. Lazarus tank games […]

3 mins read

Fake password manager coding test used to hack Python developers

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with a coding test project for password management products that includes malware. The attacks are part of the ‘VMConnect campaign’ first detected in August 2023, where the threat actors targeted software developers with malicious Python packages uploaded onto the PyPI repository. According […]

3 mins read