North Korean group of hackers, Lazarus attacked deBridge. The human factor has become a vulnerability again.
deBridge provides cross-chain interoperability and liquidity transfers. “It allows developers to scale up their protocols, bridge any arbitrary assets, and build new types of cross-chain interoperability applications on top of a truly decentralized infrastructure.”
On August 5, Alex Smirnov — co-Founder of deBridge Finance — tweeted that deBridge was attacked by the North Korean hacker group Lazarus.
The attack was the simplest — an email spam for all employees of the company. Hackers simply created an infected archive with a PDF file called “New Salary Adjustments”. Despite the “strict internal security policies” at deBridge, the human factor still played into the hands of hackers, and one of the employees opened the file.
The stages of the attack are very simple. The user tried to open a PDF file, which required a password. Then, the user opened the “password.txt.lnk” file and consequently infected his computer.
Next, the virus checked whether the antivirus was active or not, and if the antivirus is not active, it started collecting information about the computer, and later sent it to the hackers’ command center.
Fortunately, the attack did not affect the operations of deBridge. The virus was quickly detected, studied in an isolated system and erased. What became with the employee who opened the file is not reported.