The deBridge Cross-chain Protocol Was Attacked By North Korean Hackers From Lazarus Group
- The deBridge cross-chain protocol team reported a phishing attack
- Malware sent out via fake email of one of the co-founders
- Most of the employees identified suspicious emails in a timely manner, but it was not possible to avoid compromise
The co-founder of deBridge Finance announced a cyber attack on the cross-chain protocol. The hackers spoofed the email of one of the executives and sent out infected emails. Most of the employees noticed the suspicious activity in time, but one employee let the malware into the system.
According to Alex Smirnov, the attack vector indicates the involvement of North Korean hackers, namely the infamous Lazarus Group. They used similar methods during raids on other companies.
To lure employees into a trap, the hackers included a PDF file titled “New Payroll Adjustments” in the email. Trying to open the document prompts for a password. Conveniently placed next to the PDF is the “Password.txt.lnk” file, which infects the entire system.
According to the deBridge co-founder, the malware collects information about the user, computer characteristics, running processes, and so on. Moreover, this scheme does not work on macOS, but it works well on the Windows operating system.
Company representatives admit that the employee compromised the deBridge network. In their opinion, the attack is part of a global operation, since similar emails were seen at other companies. Apparently, the hackers are targeting Web3 development teams.
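A mail-gateway style check for the lure described above, where a Windows shortcut poses as a text file next to a PDF. This is an added example, not code from deBridge or the article; it assumes the files arrive inside a ZIP attachment, and the decoy-extension list, function names and sample archive are constructed for illustration.

```python
from __future__ import annotations
import io
import zipfile
from pathlib import PurePosixPath

# Shell Link (.lnk) header per MS-SHLLINK: HeaderSize 0x4C, then the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
# Extensions a lure uses to look like a harmless document (assumed list).
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def classify(name: str, head: bytes) -> str | None:
    """Return a finding for one archive member, or None if nothing is flagged."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    is_lnk_name = bool(suffixes) and suffixes[-1] == ".lnk"
    is_lnk_data = head.startswith(LNK_MAGIC)
    # Explorer hides ".lnk", so "Password.txt.lnk" is displayed as "Password.txt".
    if is_lnk_name and len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "shortcut disguised as document"
    if is_lnk_data and not is_lnk_name:
        return "shortcut content under another extension"
    if is_lnk_name or is_lnk_data:
        return "shortcut in attachment"
    return None


def scan_zip(data: bytes) -> dict[str, str]:
    """Map each flagged member name to its finding (unencrypted ZIP assumed)."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            verdict = classify(info.filename, head)
            if verdict:
                findings[info.filename] = verdict
    return findings


def build_sample() -> bytes:
    """Constructed archive mirroring the lure layout; contents are inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New Payroll Adjustments.pdf", b"%PDF-1.7\n")
        zf.writestr("Password.txt.lnk", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()
```

Checking the header bytes as well as the name catches a shortcut that has been renamed to a document extension, which a filename-only rule would miss.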