Summary of Key Takeaways
- The security team at BitMEX disclosed significant operational security failures by the North Korea-linked hacking group known as Lazarus Group.
- One of the group's operators accidentally exposed a real IP address geolocated to Jiaxing, China, a clear operational error.
- Investigators gained access to a Supabase database used by Lazarus operators, which revealed new tooling and shifting tactics.
- There is a clear skills asymmetry within the group between the low-skill operators running social engineering and the far more capable exploit developers on the same team.
- The group's growing cryptocurrency theft has become a matter of international concern and is expected to be raised at the upcoming G7 summit.
- Chainalysis found that in 2024 DPRK-linked actors stole over $1.3 billion in cryptocurrency across 47 incidents.
BitMEX Reveals Lazarus Group Security Loopholes
The Lazarus Group, known for some of the largest cyberattacks on record, is under the spotlight again after BitMEX's security division disclosed serious security lapses in the group's own operations, an unusual counterintelligence win.
BitMEX's report catalogues a series of mistakes by the group that offer a rare view into its infrastructure and internal processes, notable given Lazarus's reputation for stealth.
Disclosure of Infrastructure: IP Leak and Database Access
One of the most striking findings was the exposure of one hacker's real IP address, which was traced to Jiaxing, China, an unusual slip for a group reputed to be disciplined in its operations.
Investigators also obtained access to a Supabase database used by the group, giving insight into its evolving toolkit. Supabase is a commodity backend-as-a-service (hosted Postgres with an API layer) normally used for rapid application development; its appearance here points to Lazarus updating its arsenal with off-the-shelf infrastructure rather than bespoke tooling.
Inside Lazarus: Divide of Operations
BitMEX's investigation also exposed a growing divide within Lazarus. According to the report, there is a marked asymmetry between the teams that rely on crude social engineering and those that carry out sophisticated blockchain and technology-focused exploits.
This division suggests Lazarus may be splitting into smaller, more specialised subgroups, each with its own technical capabilities and objectives.
A Threat to Global Cybersecurity in Limelight
North Korea-linked hackers stole more than a billion dollars' worth of cryptocurrency in 2024 alone across 47 separate incidents, according to Chainalysis. The most notable single theft to date is the roughly $1.4 billion Bybit hack of February 2025.
Worse still, the group also places rogue IT workers inside target companies under false identities, an insider approach that is increasingly difficult to detect.
The U.S., Japan, and South Korea have issued a joint warning that Lazarus is targeting crypto companies through fake job offers, phishing messages, and malware-laced résumés.
G7 Looks to Address Lazarus Group Crypto Theft
World leaders are expected to put Lazarus on the agenda at the G7 Summit in Canada. The group's crypto attacks are no longer treated as mere financial crime but as a primary funding vehicle for North Korea's weapons programmes.
According to a recent Bloomberg report, a coordinated international response to the Lazarus Group's activities may be imminent.
The official said Lazarus remains a very real and evolving threat, and that its modus operandi is developing into a multi-faceted menace.
Final Thoughts: Turning the Tables on Lazarus
BitMEX's findings mark a notable step in the global effort to disrupt Lazarus's elusive operations. With parts of the group's backend systems and technical weaknesses now in the open, international security teams have a clearer path to disrupting them without needing insider knowledge.
Now that Lazarus has been shown to be fallible, the hope is that global law enforcement can use these newly exposed weaknesses to eliminate the threat permanently.