If you have been following recent crypto news or are a tech enthusiast, you have likely heard about the February 21st hack on Bybit, the second-largest cryptocurrency exchange. The hack was attributed to a notorious North Korean cyber gang, the Lazarus Group.
Authorities and Bybit have reported that the stolen funds amount to about $1.5 billion, making it the largest heist in the history of cryptocurrency exchanges, although normalcy has since returned to both the exchange and the wider crypto market.
The FBI attributed the incident to the North Korean malicious cyber activity it tracks as "TraderTraitor."
In addition, the Bureau provided practical guidance to organizations and stakeholders in the blockchain technology and cryptocurrency industry to help them identify and mitigate this threat.
While this article does not delve deeply into the hack itself, it provides an overview of the Lazarus Group and its operations since its first known heist.

What is North Korea’s Lazarus Group?
The Lazarus Group is a notorious cybercriminal organization linked to North Korea's intelligence agency, the Reconnaissance General Bureau (RGB). It is a North Korean state-sponsored advanced persistent threat (APT) group that has been active since at least 2009 and has been known globally since the 2014 Sony Pictures hack.
Over the years, the group has carried out major cyberattacks, financial thefts, and espionage operations worldwide. Its activities range from breaching global financial institutions to launching ransomware attacks and cyber-espionage campaigns.
The U.S. government has noted that the group is targeting a range of organizations within the blockchain technology and cryptocurrency sector.
This includes cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds that invest in cryptocurrency, and individual holders of significant amounts of cryptocurrency or valuable non-fungible tokens (NFTs).


How they operate
The Lazarus Group employs a wide range of cyber tactics to carry out its operations, targeting individuals, financial institutions, and governments worldwide.
One of its primary methods is spear phishing: attackers send deceptive, individually tailored emails or messages to employees and organizations to trick them into revealing credentials or installing malware. Lazarus has repeatedly used fake job offers and recruiter personas as lures for this purpose. A single compromised employee workstation can give the group a foothold in critical systems, as was reported in the case of Bybit.
The group also specializes in malware deployment, using custom malware, ransomware, and trojans to infiltrate networks, manipulate data, and disrupt operations. These malicious programs can steal sensitive information, lock users out of their systems, or destroy data outright.
Another key speciality is cryptocurrency theft. Since North Korea faces strict international sanctions, Lazarus actively targets crypto exchanges, wallets, and blockchain platforms to steal digital assets, which are then laundered and used to fund state operations.
The group is also involved in financial fraud, compromising banking systems, SWIFT connections, and financial institutions to siphon off large sums of money. One of its most infamous attacks was the 2016 Bangladesh Bank heist, in which it attempted to steal close to $1 billion through fraudulent SWIFT transfer requests and got away with $81 million.
Lastly, cyber espionage is a core part of its operations. The group targets governments, corporations, and defence sectors, stealing classified data, intellectual property, and strategic intelligence to advance North Korea's political and military agenda.


Notable attacks by the Lazarus Group
One of the most infamous attacks attributed to Lazarus was the 2014 hack of Sony Pictures Entertainment.
This attack was allegedly in retaliation for the release of the film The Interview, which depicted a fictional plot to assassinate North Korean leader Kim Jong-un. The hackers wiped systems and leaked confidential Sony data, including emails, unreleased films, and employee information.
Another was the 2017 WannaCry ransomware outbreak, which infected over 200,000 computers in more than 150 countries. The malware encrypted files and demanded Bitcoin payments for decryption.
What is the world doing about this?
Governments and organizations worldwide have strengthened collaboration on cybersecurity to combat the growing threat. Law enforcement agencies, including the FBI, Interpol, and Europol, work alongside cybersecurity firms to track and disrupt the group's operations.
Sanctions have also been imposed on individuals and entities linked to this state-sponsored hacking, cutting off their financial networks.
Additionally, intelligence-sharing alliances such as the Five Eyes (U.S., U.K., Canada, Australia, and New Zealand) help nations coordinate cyber defence strategies and respond to emerging threats.


Organizations, particularly in finance, technology, and defence, have also been advised to increase their cybersecurity investments and threat intelligence sharing. Many financial institutions have strengthened their fraud detection systems, blockchain security, and authentication measures to prevent these attacks.
The Lazarus Group remains one of the most dangerous state-backed hacking entities, leveraging cybercrime to support North Korea's geopolitical and financial ambitions. With its increasing focus on cryptocurrency theft, financial fraud, and cyber-espionage, companies must take lessons from recent hacks to protect themselves from future occurrences.