North Korea’s infamous Lazarus Group is mimicking venture capital firms and banks to steal cryptocurrency, according to a report from cybersecurity company Kaspersky.
The state-sponsored cybercrime group, which was behind the $625 million Axie Infinity hack in April, is creating domains that present themselves as well-known Japanese, US and Vietnamese companies.
Kaspersky said Lazarus’ BlueNoroff subgroup is using new types of malware delivery methods that bypass security warnings about downloading content. They can then “intercept large cryptocurrency transfers, changing the recipient’s address, and pushing the transfer amount to the limit, essentially draining the account in a single transaction.”