North Korean Hackers Behind DeBridge Finance Attack: Co-Founder

2022-08-05

Alex Smirnov, co-founder and project lead at DeBridge Finance, took to Twitter on Friday to report that his company was the target of an attempted cyberattack by the infamous North Korean Lazarus Group.

DeBridge provides a cross-chain interoperability and liquidity protocol for transferring data and assets between blockchains.

The attack came via a spoofed email, made to appear as if it came from Smirnov, that was received by several DeBridge team members and contained a PDF file named "New Salary Adjustments."

Email spoofing is a form of attack in which a malicious email is manipulated to appear as if it originated from a trusted source, in this case the firm’s co-founder.

"We have strict internal security policies and continuously work on improving them as well as educating the team about possible attack vectors," Smirnov wrote.

Even so, Smirnov explained, one person downloaded and opened the file, which triggered an attack on the firm’s internal systems. This prompted an investigation into the attack's origin, how the hackers intended the attack to work, and any potential consequences.

"Fast analysis showed that received code collects A LOT of information about the PC and exports it to [the attacker's command center]: username, OS info, CPU info, network adapters, and running processes," Smirnov said.

Smirnov compared what DeBridge saw with a Twitter post by another user that showed similar characteristics and pointed to the North Korean hacker group.

Smirnov warned his followers to never open email attachments without verifying the sender's full email address and to have an internal protocol for how their team shares attachments.