“The fact that the North Korean government-affiliated Lazarus Group was behind the Ronin attack highlights the level of sophistication that Web3 builders are up against.” — CertiK
Lazarus Group is a North Korean cybercrime organization famous for its cyber exploits, with a spate of attacks attributed to it since 2010. The entity comprises an unknown number of hackers and is believed to be sponsored by the North Korean government. It has been mounting an increasing number of attacks through its several subgroups, including StoneFly, AndAriel and BlueNoroff.
The group has been terrorizing the cryptocurrency world since 2017, when it attacked South Korean crypto investors holding Bitcoin and Monero, using self-propagating malware that exploited vulnerabilities in widely used software. Before that, Lazarus Group was known for cyber espionage campaigns that employed distributed denial-of-service attacks against South Korean government agencies.
Lazarus Group has also orchestrated attacks on multinational corporations like Sony and on banking institutions through the SWIFT network, and it launched a large-scale ransomware attack that affected thousands of computers in countries including Russia, India, Taiwan and Ukraine. The group targeted AstraZeneca during the COVID-19 pandemic in late 2020, using spear-phishing to compromise computers and steal proprietary COVID-19 research.
The group started 2022 with a $600 million heist on Ronin, the blockchain protocol linked to the popular crypto game Axie Infinity. In what is claimed to be the largest cyber exploit in the history of decentralized finance, Lazarus Group stole 173,600 ETH and 25.5 million USDC by exploiting the gas-free RPC node on Ronin and using hacked private keys to initiate withdrawals.
Following the incident, the U.S. Treasury Department’s Office of Foreign Assets Control placed the group on its Specially Designated Nationals and Blocked Persons List, which is meant for terrorists and beneficiaries of authoritarian regimes such as North Korea. Still, the group continued to target energy companies in the U.S., Canada and Japan between February and July, deploying its custom malware VSingle and YamaBot to gain long-term access to compromised networks.
With more than 25 prominent attacks to its name, Lazarus Group has been linked to a new form of cryptocurrency hacking, promoting fake cryptocurrency apps under the brand BloxHolder to spread the AppleJeus malware and steal crypto funds. The group has been at the pinnacle of innovation regarding cyberattacks and has only been gaining strength over time.
Undoubtedly one of the most powerful cybercrime organizations in the world, the Lazarus Group will almost certainly continue to exploit weak protocols and platforms in 2023. The group’s exploits are reportedly used to fund North Korea’s nuclear weapons program, which means it may accelerate the pace of its attacks and become even bolder this year.
The group has shifted its focus to attacking crypto users and firms with never-seen-before malware and viruses. If its 2022 exploits are any indication, 2023 could witness even more cyberattacks from Lazarus Group, necessitating that crypto industry participants deploy the best cybersecurity measures to thwart its malicious efforts.