North Korean group Lazarus behind $70M crypto exchange attacks, report

A new report has linked North Korean hacking crew Lazarus to a string of crypto exchange cyberattacks.

The attacks were first reported in 2020 and dubbed “CryptoCore” by cybersecurity firm ClearSky Cyber Security — but no identity was revealed.

Fresh analysis released Monday suggests Lazarus is the group behind CryptoCore, targeting cryptocurrency exchanges in Israel, the US, Europe, and Japan. 

Cybersecurity researchers found similarities in tactics used in the CryptoCore campaign with other attacks linked to Lazarus.

The hackers initially launched phishing attacks on employees of crypto exchanges, which installed malware — giving access to crypto wallets.

Last year, ClearSky estimated that $200 million had been stolen since May 2018, with $70 million from heists on crypto exchanges.

The latest report doesn’t state a running total.

Who is Lazarus?

The state-sponsored North Korean hacking group has been thought to be active since 2009.

Lazarus been linked to several cyberattacks, including the 2014 attack on Sony Pictures.

Reports suggest that the crew performs financially motivated attacks to circumvent economic sanctions imposed on North Korea. 

We have published our new report: “Attributing CryptoCore Attacks Against Crypto Exchanges to LAZARUS (North Korea)”.
Our research shows a MEDIUM-HIGH likelihood that Lazarus group attacks crypto exchanges all over the world at least three years.https://t.co/QOCzgrt8Bc pic.twitter.com/kASqdet8OE

— ClearSky Cyber Security (@ClearskySec) May 24, 2021

[Read More: Crypto lost $430M to thieves, hackers, and fraudsters in 2021, report]

According to a 2020 Chainalysis CryptoCrime report, Lazarus has stolen over $1.75 billion in cryptocurrency since 2017.

Prefer to listen to your news? The Protos Podcast delivers the week’s top stories every Friday.