- Japan’s NPA issues public advisory regarding crypto hacks.
- The North Korean hacking group Lazarus is responsible for the attacks.
- The NPA advised affected organizations to be wary of phishing tactics.
Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) issued a public advisory statement on October 14, warning crypto-asset firms in the country to be on the lookout for “phishing” attacks by the hacking organization Lazarus, which is intent on stealing cryptocurrency.
This is the seventh time the government has published a “public attribution” advisory statement, as reported by local media outlets.
The statement claims that the North Korean hacking organization sends emails to crypto asset firm employees while posing as an executive of the company and also approaches them via social media in an effort to obtain access to the company’s network and steal crypto assets.
“This cyberattack group sends phishing emails to employees impersonating executives of the target company […] through social networking sites with false accounts, pretending to conduct business transactions […] The cyber-attack group uses the malware as a foothold to gain access to the victim’s network.”
According to reports, the Lazarus Group is a government-run foreign intelligence organization with ties to North Korea’s Reconnaissance General Bureau.
The Yomiuri Shimbun quoted Katsuyuki Okamoto of the global IT firm Trend Micro as saying, “Lazarus initially targeted banks in various countries, but recently it has been aiming at crypto assets that are managed more loosely.”
The statement claims that phishing is a frequent tactic employed by North Korean hackers, and the NPA and FSA advise the affected organizations to “not open email attachments or hyperlinks carelessly” and to “keep private keys in an offline environment.”
Individuals and organizations should “not download files from sources other than those whose authenticity can be verified, especially for applications related to cryptographic assets,” the statement added.
The NPA further advised users to “install security software,” “implement multi-factor authentication,” and “not use the same password” for different devices or services to protect their digital assets properly.
The NPA confirmed that several of these attacks have been carried out successfully against Japanese digital asset businesses, although it did not provide further information.