Japan’s national police have pinned North Korean hacking group, Lazarus, as the organization behind several years of crypto-related cyber attacks.
In the public advisory statement, Japan’s National Police Agency and Financial Services Agency sent a warning to the country’s crypto-asset businesses, asking them to stay vigilant of phishing attacks by the hacking group aimed at stealing crypto assets.
The advisory statement is known as public attribution, and according to local reports, is the fifth time in history that the government has issued such a warning. The statement warns that the hacking group uses social engineering to orchestrate phishing attacks impersonating executives of a target company to try and bait employees into clicking malicious links or attachments:
According to the statement, phishing has been a common mode of attack used by North Korean hackers, with the NPA and FSA urging targeted companies to keep their private keys in an offline environment and to not open email attachments or hyperlinks carelessly.
The NPA also suggested that digital asset holders install security software to strengthen identity authentication mechanisms by implementing multi-factor authentication and not use the same password for multiple devices or services.
The NPA confirmed that several of these attacks have been successfully carried out against Japanese-based digital asset firms, but didn’t disclose any specific details.
