Japanese Crypto Exchanges Targeted by North Korean Hackers

Sead Fadilpašić

The notorious North Korean hacker group Lazarus is targeting Japanese cryptoasset companies, and some of these companies have already had cryptoassets stolen, according to The JapanNews, citing the National Police Agency (NPA).

On Friday, the NPA released an alert, together with the Financial Services Agency and the National Center of Incident Readiness and Strategy for Cybersecurity, stating that there is a high chance that Japanese businesses have been targeted by Lazarus for several years now.

It was the subsequent investigation that led to Lazarus being identified as the group behind these targeted attacks. The investigation was led by the regional police across Japan in collaboration with the NPA’s special investigation unit on cyber-attacks established in April this year.

Japan has used a specific and rarely used method here, called “public attribution”: naming a suspected attacker before making any moves such as an arrest. In these cases, the authorities also announce the attackers’ purpose, means of attack, and any other relevant information. This method, per the news outlet, has been seen recently as an effective tool to deter attacks.

Katsuyuki Okamoto of the information security firm Trend Micro Inc. was quoted as saying,

“Lazarus initially targeted banks in various countries, but recently it has been aiming at cryptoassets that are managed more loosely. […] It’s important to engage in public attribution, as it will raise public awareness of the perpetrator’s tactics and prompt people to take measures.”

It is noted that overseas cyber criminals are difficult to identify but that it is still possible to do so through specific investigative methods, including an analysis of viruses and emails.

In the case of Lazarus, the report cited a senior NPA official who said that the group sent phishing emails to employees of the specific, targeted companies, in which they presented themselves as executives of cryptocurrency companies. Furthermore, they communicated with these employees via social media in order to infect their computers with malware.

This method seems to have worked on some companies, which reported the incidents to the police. However, the NPA has not disclosed individual domestic cases linked to Lazarus, said the report.

This would not be the first time the Cryptoverse has crossed paths with Lazarus, though. Just this year, the US Treasury Department sanctioned an Ethereum (ETH) address that it said received the coins stolen in the Ronin Bridge hack. The US Federal Bureau of Investigation (FBI) claimed that the North Korean group was behind this security breach, while the sanctions announcement stated that Lazarus was based in the Potonggang District of the North Korean capital Pyongyang.

The blockchain analytics firm Chainalysis said at the time that the crypto industry needed a greater “understanding of how [North Korea]-affiliated threat actors exploit crypto,” as well as “better security for DeFi protocols.”

North Korea has repeatedly denied that it seeks to hack crypto and has rejected accusations surrounding the Lazarus group, denying its existence altogether, as well as that of alleged individual members of the group who have been named by the FBI. Pyongyang also previously claimed that accusations of crypto theft were “the sort of fabrication that only the United States” was capable of “inventing”, calling the American government “kings” of hacking.

Meanwhile, The JapanNews cited “sources” who said that Lazarus was involved, among other cases, in the theft of some ¥6.7 billion ($45 million) in Bitcoin (BTC) and other cryptos from the Zaif crypto exchange in 2018, as well as ¥3.5 billion ($23.54 million) in XRP and other assets from Bitpoint Japan in 2019.
