Bitrefill didn’t reveal how much money was drained in the March 1 incident but said it will absorb the losses using its operational capital. Crypto e-commerce store Bitrefill has revealed it was the victim of a cybersecurity attack on March 1, with the methods used closely resembling those of Lazarus Group, North Korea’s notorious hacking organization. In a post to X on Tuesday, Bitrefill said the hackers used malware, on-chain tracing, and reused IP and email infrastructure to compromise an employee’s laptop, enabling them to drain funds from the company’s hot wallets while also accessing 18,500 purchase records, potentially revealing “limited customer information.” Bitrefill said BlueNoroff Group, another North Korean hacking organization with close ties to the Lazarus Group, may have also been involved or been the sole attacker.
The analysis by the BitMEX security researchers revealed amateur-level operational security lapses in the Lazarus Group’s hacker network. The BitMEX crypto exchange’s security team discovered gaps in the operational security of the Lazarus Group, a North Korean (DPRK) government-sponsored cybercrime network, following a counter-operations probe into the organization, which exposed IP addresses, a database, and tracking algorithms used by the malicious group. Security researchers for the exchange say there is a strong likelihood that at least one hacker accidentally revealed his true IP address, which showed the actual location of the hacker to be in Jiaxing, China. Additionally, the BitMEX researchers say they were also able to gain access to an instance of the Supabase database, a platform for easily deploying databases with simple interfaces for applications, used by the hacking group.