Researcher Discovers More North Korean Crypto Hacking Groups

  • A Paradigm researcher has revealed more North Korean crypto hackers
  • The researcher refuted the popular belief that only the Lazarus Group exists
  • The other groups include DangerousPassword, APT38, and TraderTraitor

Samczsun, a Paradigm researcher, has revealed that the Lazarus Group isn’t the only crypto hacking group from North Korea. He said that Lazarus Group is the one most often cited by media outlets and is frequently used as an umbrella term for all North Korean hacking groups. Samczsun revealed that the country’s cybercriminals operate under the Reconnaissance General Bureau, adding that hacking groups within the bureau use different tactics to lure victims and steal funds.

Multiple Groups With Diverse Tactics

According to the researcher, some of the groups within the bureau include DangerousPassword, APT38, TraderTraitor, and AppleJeus. TraderTraitor, for example, uses advanced tactics and targets prominent crypto exchanges and platforms like Axie Infinity and WazirX. The FBI also linked the Bybit hack to TraderTraitor.

DangerousPassword focuses on stealing personal information, such as emails, by sending compromised attachments to victims on social media platforms, while AppleJeus likes compromising supply chains. AppleJeus is linked to the Radiant Capital hack, which saw $50 million siphoned from the platform.

APT38 first targeted traditional financial institutions before shifting to crypto. Last year, the FBI warned that the group is increasingly targeting crypto and web3 firms like blockchain games and NFT projects.

“Use Common Sense”

To be on the safe side against these hacking groups, the researcher advised individual crypto users to “use common sense and be wary of social engineering tactics.” Samczsun noted that crypto users should be cautious of strangers claiming to possess highly sensitive material that they are willing to share with them. 

He added that the crypto community should be on the lookout for people “applying time pressure” to force them to download certain software.

Samczsun advised institutions to limit the number of people with access to sensitive information and systems, use password managers, employ 2FA, and install software that offers “security pre-hack, and visibility post-hack.”

With more North Korean crypto hacking groups being identified, it remains to be seen whether this will help slow down the groups’ activities.
