Japan pins years of cyberattacks on North Korea’s Lazarus Group

Getting your Trinity Audio player ready...

Lazarus Group, the cybercrime group linked to the North Korean government, has been targeting Japanese entities for years, the country’s police service and financial regulator have claimed in a joint statement.

Japan’s National Police Agency (NPA) published a public advisory alongside the Financial Services Agency (FSA) claiming that Lazarus has primarily targeted digital asset companies as they are believed to be laxer with their security.

Lazarus Group has been continuously linked to the Reconnaissance General Bureau, the North Korean government’s foreign intelligence group. It has been blamed for some of the biggest attacks on digital asset companies, including this year’s $625 million hack of Axie Infinity’s Ronin Bridge.

NPA and FSA believe that Japanese companies have been some of the group’s biggest targets over the years, they said in the advisory, better known as “public attribution.” According to local news outlets, this is only the fifth time in history that Japanese authorities have used public attribution to alert the public of a threat to their security.

Lazarus Group hackers mainly rely on phishing methods to infiltrate Japanese companies, the two agencies claimed. This includes impersonating executives of a target company to bait unsuspecting employees into clicking on malicious links. Hackers usually send these links via email and social media.

“This cyber-attack group sends phishing emails to employees impersonating executives of the target company […] through social networking sites with false accounts, pretending to conduct business transactions […] The cyber-attack group [then] uses the malware as a foothold to gain access to the victim’s network,” the advisory stated, as reported by the local newspaper Yomiuri Shimbun.

Impersonation and social engineering have proved quite effective for Lazarus, even beyond Japan. The group was revealed to have offered Axie Infinity employees lucrative fake jobs via LinkedIn to lure them to click on links, giving the attackers access to the gaming company’s network.

The two agencies didn’t disclose the names of the companies that have fallen victim to Lazarus in Japan. However, the group has been blamed for the $60 million hack on Zaif exchange and the $32 million hack on BitPoint exchange.

Public attribution is rare in Japan as authorities first make a few arrests before disclosing a criminal network’s ways. However, it’s necessary in some cases, argues Trend Micro’s Katsuyuki Okamoto.

“It’s important to engage in public attribution, as it will raise public awareness of the perpetrator’s tactics and prompt people to take measures.”

Watch: CoinGeek New York panel, Investigating Criminal Activity on the Blockchain