Japanese government blames North Korean Lazarus group for crypto hacks

Japanese government issues a public warning statement on 14th October 2022. The advisory note cautioned all corporations, businesses, and crypto investors to stay vigilant of phishing attacks.

According to the Japanese government, the infamous North Korean Lazarus group is behind the major crypto thefts and hacks in the country. Their common hacking module is orchestrating phishing attacks aimed to steal crypto assets.

Japan’s national police have pinned the years of crypto theft incidents in the country to the state-sponsored Lazarus group.

According to some local reports,  Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) have issued such “public attribution” notes for the fifth time.

The note explains how the group impersonates executives of the company and baits employees into clicking malicious links or attachments.

The authorities in the note said,

This cyber attack group sends phishing emails to employees impersonating executives of the target company […] through social networking sites with false accounts, pretending to conduct business transactions […] The cyber-attack group [then] uses the malware as a foothold to gain access to the victim’s network.

The NPA and FPA have also urged the companies to keep their private keys offline. They have also advised employees to refrain from opening malicious emails from unknown senders and suspicious links and attachments.

The note has also advised people not to carelessly download flies or applications from unverified sources.

Among the key points mentioned in the note, the authorities have advised to “install security software,” to strengthen identity authentication mechanisms by “implementing multi-factor authentication”. They have also asked not to use the same password for multiple devices or platforms.

Lazarus Group is allegedly affiliated with North Korea’s Reconnaissance General Bureau which is a government-run foreign intelligence group.