North Korea’s Lazarus Behind Years of Crypto Hacks in Japan: Police

Japan’s national police have identified the North Korean hacker group Lazarus as the organization behind several years of crypto-related cyberattacks.

In the public advisory statement issued on October 14, Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) issued a warning to the country’s cryptoasset businesses, asking them to be on guard against “phishing” attacks from the hack. aimed at stealing crypto assets.

The advisory is known as “public attribution” and according to local reports, it is the fifth time in history that the government has issued such a warning.

The statement warns that the hacker group uses social engineering to orchestrate phishing attacks – impersonating executives of a target company to try to lure employees into clicking on malicious links or attachments:

“This cyber attack group sends phishing emails to employees posing as executives at the target company […] through social networking sites with fake accounts, pretending to conduct business transactions […] The cyber attack group [then] uses malware as a foothold to gain access to the victim’s network.”

According to the statement, phishing has been a common method of attack used by North Korean hackers, and the NPA and FSA urge targeted companies to keep their “private keys in an offline environment” and to “not open email attachments or hyperlinks carelessly.”

The statement added that individuals and businesses should “not download files from sources other than those whose authenticity can be verified, especially for applications related to cryptographic assets.”

The NPA also suggested that holders of digital assets “install security software”, strengthen identity authentication mechanisms by “implementing multi-factor authentication” and not use the same password for multiple devices or services.

The NPA confirmed that several of these attacks have been successfully carried out against Japanese-based digital asset firms, but did not disclose any specific details.

Related: ‘No one’s holding them back’ — North Korean cyber attack threat rises

The Lazarus Group is reportedly affiliated with North Korea’s Reconnaissance General Bureau, a government-run foreign intelligence group.

Katsuyuki Okamoto of multinational IT firm Trend Micro told The Yomiuri Shimbun that “Lazarus first targeted banks in various countries, but recently it has targeted cryptoassets that are more loosely managed.”

They have been accused of being the hackers behind the $650 million Ronin Bridge exploit in March, and were identified as suspects in the $100 million attack by tier-1 blockchain Harmony.