A new report has linked North Korean hacking crew Lazarus to a string of crypto exchange cyberattacks.
The attacks were first reported in 2020 and dubbed “CryptoCore” by cybersecurity firm ClearSky Cyber Security — but no identity was revealed.
Fresh analysis released Monday suggests Lazarus is the group behind CryptoCore, targeting cryptocurrency exchanges in Israel, the US, Europe, and Japan.
Cybersecurity researchers found similarities in tactics used in the CryptoCore campaign with other attacks linked to Lazarus.
The hackers initially launched phishing attacks on employees of crypto exchanges, which installed malware — giving access to crypto wallets.
Last year, ClearSky estimated that $200 million had been stolen since May 2018, with $70 million from heists on crypto exchanges.
The latest report doesn’t state a running total.
Who is Lazarus?
The state-sponsored North Korean hacking group has been thought to be active since 2009.
Lazarus been linked to several cyberattacks, including the 2014 attack on Sony Pictures.
Reports suggest that the crew performs financially motivated attacks to circumvent economic sanctions imposed on North Korea.
According to a 2020 Chainalysis CryptoCrime report, Lazarus has stolen over $1.75 billion in cryptocurrency since 2017.
Prefer to listen to your news? The Protos Podcast delivers the week’s top stories every Friday.